Wednesday, May 2, 2018

"Privacy Is No Longer A Social Norm"

It is widely believed that in 2010 Mark Zuckerberg said "Privacy is no longer a social norm" but apparently that wasn't exactly what he said. Below the fold, I take off from this and other misquotes to look at our home-town's major industry, surveillance. Facebook (now headquartered in Menlo Park) has been getting all the attention recently, but they probably know less about you than Palantir Technologies, still headquartered in Palo Alto.

Ann Cavoukian, Information and Privacy Commissioner of Ontario, wrote at the time:
There was a considerable amount of controversy recently when Mark Zuckerberg, co-founder and CEO of Facebook, the world's most popular online social network, was misquoted as saying that "privacy is no longer a social norm." What he actually said was: "People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time."
I, along with many others, believed when I wrote last year that:
it was in 1999 that Scott McNealy famously said "privacy is dead, get over it". It is a whole lot deader now than it was then.
Apparently I misquoted McNealy too. In Wired at the time Polly Sprenger wrote:
THE CHIEF EXECUTIVE officer of Sun Microsystems said Monday that consumer privacy issues are a "red herring."

"You have zero privacy anyway," Scott McNealy told a group of reporters and analysts Monday night at an event to launch his company's new Jini technology.

"Get over it."
Katherine Noyes' Scott McNealy on privacy: You still don't have any shows his libertarianism has changed his mind in one respect:
Today, he considers governments the biggest threat on the horizon.

“It doesn’t really bother me that Google and AT&T have information about me, because I can always switch to another provider,” McNealy said in an interview last week. “If Uber starts screwing around with my data, I’ll use Lyft.”

It’s a different story when it comes to government.

“There’s only one DMV,” he said. “What scares the daylights out of me is the idea of a planned socialist economy driven by a bureaucratic government of appointed officials.”
Scott was always libertarian, just not as much as Peter Thiel. But he should be worried about Peter Thiel's company Palantir, and especially about its incestuous relationship with his bogeyman, the US government. Palantir Knows Everything About You by Peter Waldman, Lizette Chapman, and Jordan Robertson has the subhead:
Peter Thiel’s data-mining company is using War on Terror tools to track American citizens. The scary thing? Palantir is desperate for new customers.
Waldman et al summarize Palantir's history thus:
Founded in 2004 by Peter Thiel and some fellow PayPal alumni, Palantir cut its teeth working for the Pentagon and the CIA in Afghanistan and Iraq. The company’s engineers and products don’t do any spying themselves; they’re more like a spy’s brain, collecting and analyzing information that’s fed in from the hands, eyes, nose, and ears. The software combs through disparate data sources—financial documents, airline reservations, cellphone records, social media postings—and searches for connections that human analysts might miss. It then presents the linkages in colorful, easy-to-interpret graphics that look like spider webs. U.S. spies and special forces loved it immediately; they deployed Palantir to synthesize and sort the blizzard of battlefield intelligence. It helped planners avoid roadside bombs, track insurgents for assassination, even hunt down Osama bin Laden. The military success led to federal contracts on the civilian side. The U.S. Department of Health and Human Services uses Palantir to detect Medicare fraud. The FBI uses it in criminal probes. The Department of Homeland Security deploys it to screen air travelers and keep tabs on immigrants.
It isn't just the Federal government:
Police and sheriff’s departments in New York, New Orleans, Chicago, and Los Angeles have also used it, frequently ensnaring in the digital dragnet people who aren’t suspected of committing any crime. People and objects pop up on the Palantir screen inside boxes connected to other boxes by radiating lines labeled with the relationship: “Colleague of,” “Lives with,” “Operator of [cell number],” “Owner of [vehicle],” “Sibling of,” even “Lover of.” If the authorities have a picture, the rest is easy. Tapping databases of driver’s license and ID photos, law enforcement agencies can now identify more than half the population of U.S. adults.
Are you worried that Peter Thiel knows everything about you, Scott? You can't switch to another surveillance provider, and Thiel is really out there:
In a 2009 essay for the Cato Institute, he railed against taxes, ­government, women, poor people, and society’s acquiescence to the inevitability of death. (Thiel doesn’t accept death as inexorable.) He wrote that he’d reached some radical conclusions: “Most importantly, I no longer believe that freedom and democracy are compatible.” The 1920s was the last time one could feel “genuinely optimistic” about American democracy, he said; since then, “the vast increase in welfare beneficiaries and the extension of the franchise to women—two constituencies that are notoriously tough for libertarians—have rendered the notion of ‘capitalist democracy’ into an oxymoron.”
And I don't think he agrees with you that government invasions of privacy are a bad thing:
Thiel told Bloomberg in 2011 that civil libertarians ought to embrace Palantir, because data mining is less repressive than the “crazy abuses and draconian policies” proposed after Sept. 11. The best way to prevent another catastrophic attack without becoming a police state, he argued, was to give the government the best surveillance tools possible, while building in safeguards against their abuse.
No need to worry, though, because Thiel and Palantir are paragons of integrity:
In one adventure missing from the glowing accounts of Palantir’s early rise, I2 accused Palantir of misappropriating its intellectual property through a Florida shell company registered to the family of a Palantir executive. A company claiming to be a private eye firm had been licensing I2 software and development tools and spiriting them to Palantir for more than four years. I2 said the cutout was registered to the family of Shyam Sankar, Palantir’s director of business development.

I2 sued Palantir in federal court, alleging fraud, conspiracy, and copyright infringement. In its legal response, Palantir argued it had the right to appropriate I2’s code for the greater good. “What’s at stake here is the ability of critical national security, defense and intelligence agencies to access their own data and use it interoperably in whichever platform they choose in order to most effectively protect the citizenry,” Palantir said in its motion to dismiss I2’s suit.

The motion was denied. Palantir agreed to pay I2 about $10 million to settle the suit. I2 was sold to IBM in 2011.
Just traditional Silicon Valley vigorous competition in action. Not as if they were doing naughty Cambridge Analytica stuff and interfering in politics:
Sankar, Palantir employee No. 13 and now one of the company’s top executives, also showed up in another Palantir scandal: the company’s 2010 proposal for the U.S. Chamber of Commerce to run a secret sabotage campaign against the group’s liberal opponents. Hacked emails released by the group Anonymous indicated that Palantir and two other defense contractors pitched outside lawyers for the organization on a plan to snoop on the families of progressive activists, create fake identities to infiltrate left-leaning groups, scrape social media with bots, and plant false information with liberal groups to subsequently discredit them.
In any case, Palantir is so successful that minor glitches like this can easily be overlooked:
The company’s early data mining dazzled venture investors, who valued it at $20 billion in 2015. But Palantir has never reported a profit. ... Palantir’s high installation and maintenance costs repelled customers such as Hershey Co., which trumpeted a Palantir partnership in 2015 only to walk away two years later. Coca-Cola, Nasdaq, American Express, and Home Depot have also dumped Palantir. ... Some investors are weary and have already written down their Palantir stakes. Morgan Stanley now values the company at $6 billion. Fred Alger Management Inc., which has owned stock since at least 2006, revalued Palantir in December at about $10 billion, according to Bloomberg Holdings. One frustrated investor, Marc Abramowitz, recently won a court order for Palantir to show him its books, as part of a lawsuit he filed alleging the company sabotaged his attempt to find a buyer for the Palantir shares he has owned for more than a decade.
Waldman et al recount the horrors that the LAPD's use of Palantir's software visits upon citizens who are innocent but brown. Of course, Scott would never expect the software to be used on rich, straight white guys. Except that Waldman et al start with the saga of Peter Cavicchia III, JP Morgan's in-house version of James Jesus Angleton. Cavicchia was hired to use Palantir's software to detect and suppress "insider threats" such as leaks to the press. JP Morgan's management was fine with the help's privacy being invaded in this way until they realized they weren't exempt:
JPMorgan’s experience remains instructive. “The world changed when it became clear everyone could be targeted using Palantir,” says a former JPMorgan cyber expert who worked with Cavicchia at one point on the insider threat team. “Nefarious ideas became trivial to implement; everyone’s a suspect, so we monitored everything. It was a pretty terrible feeling.”
Just like Facebook, you can't opt out of Palantir's surveillance, and you have no way of knowing what they will do with your data. And, because Palantir has become so embedded in the national security and law enforcement structures, the government can't opt out either. Palantir has beaten the banks; it has become too big to fail without ever needing to turn a profit.

The Carillion scandal in Britain shows the danger of governments outsourcing essential functions to monopoly service providers, especially if their finances are as shaky as Carillion's:
The company experienced financial difficulties in 2017, and went into compulsory liquidation on 15 January 2018, the most drastic procedure in UK insolvency law, with liabilities of almost £7 billion. Before its liquidation, it was the second largest construction company in the United Kingdom,[5] was listed on the London Stock Exchange, and had some 43,000 employees (around 19,000 of them in the United Kingdom).

In the United Kingdom, the insolvency has caused project shutdowns and delays, job losses (in Carillion – 2,221 UK redundancies up to 23 April 2018 – and its suppliers), financial losses to joint venture partners and lenders, and potential financial losses to Carillion's 30,000 suppliers and 28,500 pensioners. It has also led to questions and parliamentary enquiries about the conduct of the firm's directors, its auditors, the Financial Reporting Council and The Pensions Regulator, and about the UK Government's relationships with major suppliers working on Private Finance Initiative (PFI) schemes and other privatised outsourcing of public services. It also prompted legislation proposals to reform industry payment practices, and consultations on new government procurement processes to promote good payment practices.
The functions that are being outsourced to Palantir are even more essential than those outsourced to Carillion.

But wait, there's more! Once again China leads the way in outsourcing privacy-invading technology. The sub-head of Stephen Chen's ‘Forget the Facebook leak’: China is mining data directly from workers’ brains on an industrial scale reads:
Government-backed surveillance projects are deploying brain-reading technology to detect changes in emotional states in employees on the production line, the military and at the helm of high-speed trains
The technology is actually pretty simple:
Hangzhou Zhongheng Electric is just one example of the large-scale application of brain surveillance devices to monitor people’s emotions and other mental activities in the workplace, according to scientists and companies involved in the government-backed projects.

Concealed in regular safety helmets or uniform hats, these lightweight, wireless sensors constantly monitor the wearer’s brainwaves and stream the data to computers that use artificial intelligence algorithms to detect emotional spikes such as depression, anxiety or rage.
It's just wearable EEG. But wearable MRI is coming down the pike:
This technology enables continuous scanning of the body and brain in the form of a true wearable the size of a ski-hat or bandage. The implications of this architecture are profound for healthcare and can even enable communication with thought alone (as has been well documented by neuroscientists using the room size MRI scanners). With read/write ability - we may be able to upload/download and augment our memories, thoughts and emotions with a ski-hat form factor, non-invasively.
"The future is already here — it's just not very evenly distributed." Yet.

3 comments:

David. said...

I missed at least three important points in this post.

First, we talk about online privacy as if the problem is what companies know about you. But it is also what the people in the companies know about you, and not just CEOs like Peter Thiel. Joseph Cox & Max Hoppenstedt's Sources: Facebook Has Fired Multiple Employees for Snooping on Users spotlights this problem:

"On Tuesday, Facebook fired an employee who had allegedly used their privileged data access to stalk women online. Now, multiple former Facebook employees and people familiar with the company describe to Motherboard parts of the social media giant’s data access policies. This includes how those in the security team, which the fired employee was allegedly a part of, have less oversight on their access than others."

Second, McNealy's idea that if you don't like what one company is doing with your data you can move to another ignores the way the companies who collect data monetize it by selling it to other companies:

"Consumers and policymakers are only just now waking up to the reality that many businesses quietly seek to identify consumers personally and sell information about them to others. This information is transferred to data brokers, and repackaged and resold. Keeping the consumer in the dark is key to new information-intensive business models, because data brokers know that consumers will object to them."

And these companies sell it to other companies and so on ad infinitum.

Third, as I pointed out in Not Whether But When, it is inevitable that personal data collected about you will eventually end up in the hands of criminals and governments other than your own. Richard Smith, the CEO of Equifax while the company leaked personal information on most Americans, uttered an uncomfortable truth:

"There's those companies that have been breached and know it, and there are those companies that have been breached and don't know it,"

This is true of governments as well as companies. See, for example, the OPM hack.

McNealy doesn't trust the US government. Does he trust the Russian or Chinese government? Or some scam artist like Sergei Mavrodi?

David. said...

Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site by Brian Krebs starts:

"LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards."

David. said...

News crew discovers 40 cellphone-tracking devices operating around DC by Cory Doctorow reports:

"An NBC investigative journalism team and a security researcher went wardriving around the DC area with a cell-site-simulator detector that would tell them whenever they came in range of a fake cellphone tower that tried to trick their phones into connecting to it in order to covertly track their locations (some cell site simulators can also hack phones to spy on SMS, calls and data).

They found more than 40 such devices in a single ride; these were sited in such sensitive locations as K-Street, home to DC's massive lobbyist contingent; the Trump Tower hotel; around the city's many embassies; around the Pentagon, Fort Meade and Langley; and in many residential areas."