Something big was set in motion in China. It’s called the Social Credit System. It leverages the latest in technology in order to build something akin to a criminal record, except that it’s updated much more frequently (possibly even real-time in certain cases). It doesn’t only cover crime, but pretty much any action that the government can track, online and offline:
As we know, China has an extremely well-developed tracking & censorship apparatus. Through the Social Credit System, even minor social offenses such as jaywalking or smoking outside designated areas can be turned into punishments that can seriously affect one’s life. In the article below you can find a rather shocking video (well, not entirely shocking to me since I suspected this was coming) about the country’s highly developed video surveillance system:
The punishments that the Chinese have come up with for citizens who stumble into a low social credit are deviously inventive. They can ban people from getting transport tickets, throttle internet speeds or even prevent them from getting certain jobs or education. The question is, how long until similar systems are deployed all over the planet?
As usual with such schemes, there are advantages. It’s safe to assume that such a system can improve social accountability and online behavior (for example, cyberbullying can be tackled more effectively). Unfortunately, since it’s China we’re talking about, the rules for having a good social credit are set by a government that suppresses criticism through any available means.
What’s worse is that most judgements regarding a person’s social credit will be done by software. And since these programs aren’t even remotely intelligent yet, there will be many mistakes made. I wonder if the Chinese authorities will allocate the appropriate manpower to address appeals by citizens against the decisions made by these algorithms.
This is a risky path that the Chinese are taking. It is also setting a very dangerous precedent for our civilization. It tempts governments today to increasingly rely on surveillance and punishment rather than educating and supporting a person’s healthy development. Free societies will always have an advantage when it comes to innovation. And in the Information Age, innovation is what creates winning nations.
Security vulnerabilities are a dime a dozen nowadays. But, when a couple of months ago we learned about Spectre and Meltdown, it finally started to dawn on people just how insecure all our “high tech” really is. We’re using hole-ridden, bug-infested products.
If the Wikipedia articles above are too boring, here’s a relatively more layman-friendly breakdown of what happened:
I don’t know if the constant deluge of security exploits has resulted from the challenges that arise from working with highly complex technology or is caused by some sort of surveillance conspiracy. What’s certain is that this shows just how weak our technology is and how easily it can be overcome.
I will definitely not allow my home to be controlled by “smart devices” based on closed-source technology. And this includes closed-source hardware designs manufactured in factories under the control of expansionist governments:
Throughout the past years there have been several high-profile occasions when apps were in the news for questionable tracking strategies. Even applications that do not use novel means of compromising our privacy are gobbling up increasing amounts of data while their creators cash in on the profits obtained from selling the user’s digital life to the highest bidder. At the receiving end of this deluge of spyware are we, the people.
Even for those of us that do read the list of permissions an app requests upon installation, it is hard to avoid installing certain apps because they come with other features that we need. It’s an old trick that is akin to the Trojan horse. This is how these dubious app creators get in our back yard: by offering something that is 90% useful and 10% spyware, but which must be accepted as a whole.
Devious solutions for the same old need
Smartphone espionage has gotten very clever as of late. Check these two stories about ultrasonic tracking. According to one study, hundreds of Android apps with an install base in the millions include a library that is used for this purpose. The way this works is by listening to ultrasonic audio “beacons” implanted in advertisements. Humans can’t normally hear sound in this range, but smartphones’ microphones can.
When a user has one such application running and an advertisement that includes an ultrasonic marker plays on TV or anywhere around the user (for example radio or an ultrasound-emitting advertisement panel in a shopping mall), the app can make an association between the user and the played content. This can be used for simple tasks such as sending a unique ID back to a service which then sends a shop’s deals to a user, but it can just as well include a lot of other information about the device and its owner.
Some of the things this system can achieve are rather worrying. For example, it can be used for determining a user’s (approximate) location even if the GPS is turned off or out of range. This can be done by having a particular advertisement panel emit a unique ultrasound beacon. This can later be used to determine when the user is in its proximity. The system can also be used to track a user’s TV-watching habits without consent. Some of these uses are legitimate though, like pushing advertisement and coupons to somebody that has given their consent for using this “feature”. A few such apps disclose the tracking prominently. But this is usually not the case.
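A defender's check for the beacons described above, added here as an illustration and not code from the cited research or from any tracking library: it scans recorded audio for a persistent narrowband carrier that a microphone captures but a listener does not notice. The 18–20 kHz band, the thresholds and the constructed test signal are assumptions, not values from this article.

```python
import math
import random

RATE = 44100                      # samples per second
BLOCK = 441                       # 10 ms blocks, so bins are 100 Hz apart
BAND = range(18000, 20001, 100)   # assumed near-ultrasonic beacon band (Hz)
MIN_POWER = 2.5e-5                # ignore carriers below ~0.005 of full scale
MIN_RATIO = 20.0                  # peak must stand this far above the band median
MIN_BLOCKS = 5                    # carrier must persist for 50 ms to be reported


def goertzel_power(block, freq):
    """Squared amplitude of `freq` in `block`, via the Goertzel algorithm."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (len(block) / 2.0) ** 2


def scan(samples):
    """Return {carrier_hz: blocks_seen} for persistent narrowband tones in BAND."""
    hits = {}
    for start in range(0, len(samples) - BLOCK + 1, BLOCK):
        block = samples[start:start + BLOCK]
        powers = {f: goertzel_power(block, f) for f in BAND}
        peak_f = max(powers, key=powers.get)
        median = sorted(powers.values())[len(powers) // 2]
        # A beacon is loud enough to decode and much narrower than broadband noise.
        if powers[peak_f] >= MIN_POWER and powers[peak_f] >= MIN_RATIO * median:
            hits[peak_f] = hits.get(peak_f, 0) + 1
    return {f: n for f, n in hits.items() if n >= MIN_BLOCKS}


def constructed_audio(n_blocks, beacon_hz=None, seed=1):
    """Constructed sample: two audible tones plus faint noise, optional beacon."""
    rng = random.Random(seed)
    out = []
    for n in range(n_blocks * BLOCK):
        t = n / RATE
        x = 0.3 * math.sin(2 * math.pi * 440 * t)
        x += 0.2 * math.sin(2 * math.pi * 1000 * t)
        x += rng.gauss(0.0, 0.005)
        if beacon_hz:
            # Quiet carrier: about 24 dB below the loudest audible tone.
            x += 0.02 * math.sin(2 * math.pi * beacon_hz * t)
        out.append(x)
    return out


if __name__ == "__main__":
    print("clean audio :", scan(constructed_audio(20)))
    print("with beacon :", scan(constructed_audio(20, beacon_hz=18500)))
```

The same scan can be run over a recording of a TV broadcast or a shop floor to see whether a carrier is present before deciding which apps should keep microphone permission.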
More recently, the Uber app was found to be capable of recording portions of the iPhone screen. The company defended itself saying that this was done in order to send images with maps to the iWatch (using the iPhone to render the map because the iWatch lacked the required performance). There’s a gazillion ways this can go wrong not if but when hackers manage to leverage this capability in order to steal passwords and other sensitive information. The feature was reportedly removed but it still shows exactly what the smartphone really is. And there’s no way to sugar coat this…
The smartphone is a surveillance device
Economically, it is used by corporations to mine data out of people and use it to manipulate them into buying products. The smartphone grew into a fascinating tool for mass surveillance because it comes with a bunch of features that users really want. I mean, it’s really nice to have a browser and a video camera available at all times, right? Except that all these “free” apps are just a gateway for companies that have been tracking users ever since advertisers figured out how to use our digital lives against us and our vulnerable minds.
Currently, the goal most of these companies have is to get us online for as much time as possible. As for the camera and the other (many) sensors inside a phone, we might end up not being the only ones controlling them. There are innumerable cases of this technology being used with criminal intent. It takes only one backdoor to take control of our devices, and that backdoor’s existence is ensured by the producers of these devices.
Governments will of course not oppose this (they’ll even encourage it) because the greatest concern of a government is to maintain its appearance as a legitimate organization. Investigative journalists and whistle-blowers have greatly damaged governments and corporations as of late. By increasing surveillance capabilities under various pretexts, governments and corporations hope to prevent the next public relations scandal. I’m not even blaming them; they’re just trying to survive. But people who realize they’ve been sold behind closed doors won’t remain the loyal followers that these entities need in order to justify their existence.
To make things easier for themselves, governments will make sure they also have access to whatever technologies are deployed on these devices. One problem, however, is that the citizens of one country may use devices produced in another country. What is the percentage of electronics we manufacture in Asia? And then there’s this thing about hardware backdoors.
Innocent bystanders
A few days ago I was waiting in line for an old lady that wanted to change the battery of her phone. It was a keypad phone of the kind considered modern 15 years ago. The image of her sitting there in front of the cashier will stay with me for a long time because, in an instant, my mind ran through the entire planned obsolescence racket and understood the inevitable verdict that will be given by the system this woman fell prey to.
In the past years I’ve become increasingly aware of the hideousness of hyper-consumerism. But this situation has put a face on it. Of course, the shop couldn’t help her. The only option for the old lady was to switch to some other phone, most probably with a non-replaceable battery, so she can be forced to change it every few years. Not to mention she must adapt to new software every time it happens and probably be at the receiving end of automatic updates that will change features in her phone, which is exactly what an old lady wants from her device (not!).
With corporations making money from data and with governments drooling over the private lives of their citizens, it’s no wonder that phones with replaceable batteries have disappeared off the market (using “water resistance” as a cheap excuse). Yes, there is a likely connection between forcing people to upgrade their phones and the need to make sure that those people voluntarily carry around the latest and greatest in spying technology in their pocket. Hey, some people will even queue for days and pay outrageous amounts for these things.
Reasons & solutions
But why is it like this? The answer is terrible in its cruel simplicity. These are the rules of the Human Game at this point in time. What’s terrible is that even though we are directly responsible for creating and tolerating these rules, we also face an extremely powerful opposition to change them. The machine has grown into a huge, lumbering beast whose behavior harks back to our most ancient instincts, such as the imperious need to survive. Corporations need to earn money. They exist for this purpose and this purpose alone. So it is no wonder they buy governments and do whatever it takes in order to survive in the jungle of a (stock) market that is the very heart of the machine.
Can this all change? Of course it can. And the solution is wonderful in its beautiful simplicity. We just need to change the criteria with which we purchase goods and services and with which we vote. It’s as simple as that. We need to change the rules of the Human Game. Stock market processes can be changed to encourage responsible and long-term investment. Governments can be encouraged to invest into research and education. Corporations will have no alternative but to transform themselves into entities that value the environment and respect their customers. Because otherwise, nobody will purchase what they’re peddling. It takes only one commercial entity in every field to prove that this works. This will generate a mass extinction of the old business model. And it’s us, the consumers, who can trigger and sustain this.
The very reason I write these words is because I strongly believe in this change. And what’s beautiful is that the change doesn’t even need to be sudden (and therefore potentially violent). Actually, it can’t be sudden because this modification in people’s mentality will not occur overnight. It will take time until more of us are ready to champion this cause and for it to spread. But it will happen. Of that, I am sure. I just wish that it will happen before another disaster strikes our civilization.
A lovely (even if sad) wordplay
In closing, here are a few other factoids from the war against privacy (I noticed that ZDNet has a pretty good section about all this):
During its first participation at the International Big Data Conference, the National Security Agency made a surprise announcement:
“We are in a fortunate position that allows us to uniquely compete with Amazon, Google, DropBox and other major cloud providers. Since we already have all our potential customers’ data, instead of charging for data storage like our competitors, our service will provide files and passwords restoration. Say you lose a beloved picture, or you forget some password. You just log in to the all-new NSA Data Restoration Portal and, for a moderate fee, you can recover any of your digital information”, declared Eddie Rainhouse, product manager for the NSA’s new Monetization Initiative that has been created within the Data Collection Services Division.
The news has already caused quite a stir in the cloud computing community. Private companies complain that they can’t compete with the NSA’s eleven-billion-dollar budget and glowing public reputation.
The famed American security agency has also purchased struggling hard disk maker Seagate in order to “ensure a steady and healthy increase of available storage capacity in order to accommodate more potential customers”.
So far, members of the NSA’s Data Restoration Beta Program seem very satisfied with the service:
“I accidentally wiped my iPhone. I didn’t even have to get out of the house to fix it. I just connected it to my MacBook and accessed NSA’s Data Restoration portal. Twenty minutes and ten bucks later, everything was back in working order. Even my family videos are there, along with all my applications. They even restored my Candy Crush progress. It’s an amazing service!”, declared Manny Datas of Arizona.
Another user, Lo Safeson, was saved by the NSA’s PayBack Plus service: “Somebody hacked my Facebook account. I immediately logged in to the NSA portal and I used the Facebook back door system to reset the password of my account. For three hundred dollars I also got an NSA consultant to delete all stolen private information from the hacker’s computer.”
The NSA assured us that they have a solid authentication service in place that makes sure that nobody except the user and the authorities can access the user’s data. It’s a custom-built three-factor login process that uses classified biometric data.
For those that would like to enter the Data Restoration Beta Program, there is an early-hawk discount available until the end of 2016. For your convenience, the NSA has allowed us to publish a list of currently provided services:
Full Data Restoration: restores any or all of your devices to the previous state of your choosing. Backups are updated regularly for any data-capable device. The backups will not count against your data quota, since the NSA has working agreements with most Internet Service Providers and is part of the International Intelligence Agencies Coalition for Data Safety.
Memories Recovery: using this feature, you can recover deleted e-mails or messages from any popular provider. You can also playback old telephone or Skype conversations, as long as they’ve taken place in the past five years.
Password Recovery: as the name implies, you can recover your password, in clear text, for any website you visited in the past decade.
PayBack Plus: provides counter-attack measures to be used against hackers involved in identity theft. You can remotely delete stolen information and expose hackers to public authorities.
Sneaky Peeky: provides read-only access to your NSA history, allowing you to gauge the possibilities of the service and determine what sort of Data Restoration operation you’d like to go for.
NSA MVC (Most Valued Customer) Subscription: also known as the NSA Prime, this subscription requires you to pay a small annual fee. Doing so will award you Data Restoration Priority Golden Elephant, as well as tempting discounts for any current or future NSA customer-centric service.
This text has been published in the “Satire” category for a good reason.
In recent years, Intel has moved towards integrating some pretty nifty remote administration features into its CPUs. While this may be a good idea for certain enterprises, it may quickly turn into a nightmare as soon as exploits and vulnerabilities are found. And guess what?
Software has bugs. Hey, it happens, everybody makes mistakes. But in this case, the mistakes can’t be corrected in time (before an attacker exploits them). That’s because, in typical monopolist corporation fashion, Intel is obscuring the process by not allowing the security community to analyze whatever code the company decides to shove into our machines. The same argument stands true regarding any proprietary code, especially Microsoft’s Windows, which after 20 years of fixes is still the most vulnerable mainstream operating system.
The following article describes the problem pretty well:
It’s probably only a matter of time until a clever attacker compromises the company’s buggy code. Of course, Intel will eventually patch its security holes, but given that the company’s CPUs are used across the world in some pretty sensitive contexts, there’s no telling how much damage such attacks can cause.
As for us mortals, we are at risk of having our privacy compromised even by petty criminals. This is because there’s a large window of opportunity between the time when a security hole is found and the time that Intel moves to fix it for less prioritized customers.
And don’t even get me started on how governments across the world can (and probably will) force Intel’s hand into giving over political dissidents on a silver platter. Privacy? What privacy?
If you want to learn more, here’s another article on the same topic:
I wrote this hot on the heels of a Dissected News piece about Cyber-Warfare. There’s additional interesting information to be found there.
When we read in the press about “hacking”, it’s mostly about software-based attacks. It may be about exploiting a vulnerability to reveal passwords or attacking an insecure computer. Then there’s the entire social-engineering aspect to it, which is basically hacking a person’s mind (can also be seen as a person’s software).
Cyber-warfare has been defined as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption”. Serious confrontations are also going on between corporations, with industrial espionage being one of the main drivers. Unlike in real war, because a single individual can take on an entire nation through the use of clever hacking, the boundaries between these “size categories” are blurred.
In addition to the myriad ways a target can be hacked through software, there’s something far more insidious and dangerous that can happen. Hardware-based attacks:
What the article above explains is how tiny hardware back-doors can be baked inside any integrated circuit. It’s not news that this is doable, but what is news is that it’s way too easy to achieve and almost impossible to detect. Even in the case of the highly advanced computer processors that are inside all our devices. Apparently it can be done by a single (well trained) person working inside the factory that manufactures the chip.
Such modifications are extremely hard to detect. It’s quite tempting to go a bit paranoid when thinking about how many of our mission-critical processors are manufactured in Asia. China has lately started to re-assert itself technologically and militarily. There was an age when airplanes and bombs would decide the fate of a war. That age is slowly fading away.