Wednesday, March 16, 2016


And so it begins. "Seems like Google's RankBrain AI is a Skynet in making because even the engineers working on it are unable to understand it."

Labor markets are hampered by occupational licensing laws. "Lower rates of worker mobility mean that workers are misallocated across the states in a similar way that price controls or discrimination misallocate resources and reduce total wealth. Lower rates of workforce mobility also increase the persistence of unemployment."

Terrorism becomes an opportunity. "[D]omestic law enforcement officials now have access to huge troves of American communications, obtained without warrants, that they can use to put people in cages. FBI agents don't need to have any 'national security' related reason to plug your name, email address, phone number, or other 'selector' into the NSA’s gargantuan data trove."

Don't piss of chess geeks they might pull out the DDoS gambit.

Music is always a social experience. "[R]ecent looks at the evolution and neurology of music suggest we are not waltzing by ourselves. Musical experiences are inherently social, scientists tell us, even when they happen in private. When we listen alone, we feel together."

Step 1 - stop sustaining criminal elites. "[A]dopting the rule of law is complex. A country needs to enact an immense number of rules. Crafting and enforcing those rules requires cooperation among legislatures, ministries, departments of ministries, the judiciary, local governments and more. At each stage, defenders of the status quo can sabotage or twist the effort to their advantage."

Path Dependent by William Dupre
Ask me where it is
I will say “The flow seems to take me there.”

I am an accumulation of lost experiences
Bridging a dependent path to others of me
Experiencing what again will be lost.

What parallels of me exist?
When did I become me?

Tuesday, March 15, 2016

Security Roundup

Not only is the U.S. Congress about to vote on anti-encryption legislation, but so is California. The bill going through the CA State Assembly "would ban default encryption on all smartphones" sold in the state.

Those laws could make the push to have Apple build iPhones even it can't unlock moot. Though, some companies - including Facebook and Google - are working to increase privacy protections in the face of the next attack on this front - WhatsApp.

Unfortunately, President Obama is showing that he doesn't understand the importance or technical issues of encryption either. He "keeps mentioning trade-offs, but it appears that he refuses to actually understand the trade-offs at issue here. Giving up on strong encryption is not about finding a happy middle compromise. Giving up on strong encryption is putting everyone at serious risk."

Could the government demand the iOS source code and signing key? A footnote in the DOJ brief says the following:
For the reasons discussed above, the FBI cannot itself modify the software on Farook's iPhone without access to the source code and Apple's private electronic signature ... The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
In other words, "it would be a shame if we had to take that code from you."

Mr. Fart and phone security -- the comparison between cockpit security and phone security is great. 

Saturday, March 12, 2016

Why it matters

I've posted a lot about security and privacy lately and will continue to do so because I believe this could be a defining movement both in law and culture with respect to security, privacy, and surveillance (maybe Crypto Wars 2.0). It's not just the FBI's request to Apple either. Facebook could soon be clashing with the DOJ on the WhatsApp messaging application in a case regarding wiretapping. There is also activity in the U.S. Congress which is preparing to vote on a bill that would punish tech companies that refuse to cooperate with investigators, specifically on encryption. The importance of these events can't be overstated.

The importance of encryption per se can't be overstated either because it is an enabling technology that gives private citizens power against mass surveillance. John Reed at Just Security, wrote about this topic recently. He was reacting to the oft-cited yet dangerous argument that "if you don’t have anything to hide, you shouldn’t have anything to worry about." He states,
A government’s abuse of surveillance to intimidate and discredit law-abiding citizens isn’t something that happens only in places like Russia. It’s happened time and again, even in democracies as strong as the United States. Within living memory in the US alone, one can recall Nixon’s enemies, Sen. Joseph McCarthy’s anti-communist witch hunts, J. Edgar Hoover’s FBI files on everyone who may have posed a threat to his power, COINTELPRO, and more specifically, that program’s use of surveillance to assist in attempt to ruin Martin Luther King Jr., the list goes on. There is simply no reason to think that such abuse will not occur again. So why should you care if you’re always being watched? Because your self-perceived innocence may not protect you from the kind of abuses we’ve seen repeatedly over the past century (emphasis added).
Jenna McLaughlin at The Intercept shows how Reed's comment emphasized above is all too true with respect to Black Lives Matter movement. Quoting a grassroots organizer,
"The mundane surveillance of people of color is what gives rise to bulk surveillance at a federal level … not the other way around," she said. "Whatever has been considered normal at a local level" -- including systems of suspicious activity reports, predictive policing, and other tactics -- "has now been considered normal at the federal level."
Even beyond the realm of social justice movements, the fact of the matter is is that everyone has something to hide or something in their life that they want to keep private. Reed quotes Bruce Schneier as saying that "[p]rivacy is a basic human need," and that being watched turns us into children under watchful eyes waiting to be implicated by patterns from our past lives.

This is why the fight for strong encryption and against surveillance matters.

Thursday, March 10, 2016

Is code speech?

In Apple's fight against a court order compelling it to create specific software to enable the government to break into an iPhone, the company is invoking its First Amendment rights as one of its defenses. In particular, they claim that the government is compelling speech by forcing it to digitally sign the special version of iOS. The Electronic Frontier Foundation (EFF), in their amicus brief in support of Apple, explains how digital signatures are a way of communicating endorsement of a signed document. (Also see the EFF's FAQ on the matter.)

In making this defense, Apple and EFF (as well as others) typically use the term "computer code is speech" in reference to previous court decisions which protected companies and individuals developing software, in particular encryption software. However, this idea (code as speech) is controversial. Below, I will address law professor Neil Richards's claim that "Code = Speech" is a mistake. (As a reference, please also refer to Apple's filling.)

Code is a means of expression

Richards states that "Apple has told the court that 'under well-settled law, computer code is treated as speech within the meaning of the First Amendment.' Unfortunately, it's wrong about that. The Supreme Court has never accepted that code is protected like speech." The problem is that Apple never said that The Supreme Court has ruled on the matter - they referred to "well-settled law." From that perspective, Apple is correct. They even list the lower court case-law to illustrate.

For instance, in Bernstein v. Department of State the U.S. Court of Appeals, Ninth Circuit says "we conclude that source code is utilized by those in the cryptography field as a means of expression, and because the regulations apply to encryption source code, it necessarily follows that the regulations burden a particular form of expression directly" (emphasis added). The court here explicitly refers to cryptography which is exactly what Apple refers to in their filling. They say that
The government asks this Court to command Apple to write software that will neutralize safety features that Apple has built into the iPhone in response to consumer privacy concerns. The code must contain a unique identifier "so that [it] would only load and execute on the SUBJECT DEVICE," and it must be "'signed' cryptographically by Apple using its own proprietary encryption methods (emphasis added).
More directly, though, Apple also lists the case of United States v. Elcom Ltd. which was ruled by the U.S. District Court in Northern California. In that ruling the court states that
the government contends that computer code is not speech and hence is not subject to First Amendment protections. The court disagrees. Computer software is expression that is protected by the copyright laws and is therefore "speech" at some level, speech that is protected at some level by the First Amendment (emphasis added).
At least two other cases address this claim as well:
  • Universal City Studios, Inc. v. Corley - "Computer programs are not exempted from the category of First Amendment speech simply because their instructions require use of a computer"  
  • Junger v. Daley - in reversing a lower court's decision stating that encryption code is not expressive speech, the U.S. Appeals Court, Sixth District concluded that the First Amendment does in fact protect computer source code 
Richards is correct in saying that the Supreme Court hasn't ruled that "code is speech" but they haven't ruled contrarily either. The current accepted view of the courts is that computer code is a form of speech.

Speechiness is not the issue - regulation is

Having said all of that, I do believe that Richards makes a good point when he says that
What matters, in the end, isn't the metaphysics of "speechiness," [the central question of asking whether code is speech] but whether a government regulation of an activity threatens the traditional values of free expression -- political dissent, art, philosophy, and the practices of self-government...The right question to ask is whether the government's regulation of a particular kind of code (just like regulations of spending, or speaking, or writing) threatens the values of free expression.
Like Richards, I see this as the true issue at hand. The clumsy language used by the various courts above only confuses the matter. Computer code is really more like words, not speech, and like words used in other forms of expression, the content matters. Richards provides an illustrative example when he implies that it would be silly (my word not his) to protect malware writers because the code they used to write the programs was protected speech.

In defense of that last view, Richards writes "Code = Speech is a fallacy because it would needlessly treat writing the code for a malicious virus as equivalent to writing an editorial in the New York Times." I have some trouble with this analogy because I could see a case where these were equivalent. For instance, if the New York Times published an editorial that incited a riot in Times Square, that would be the same as writing a malicious virus (or DDoS attack). Using words to incite violence is not protected by the First Amendment, nor is using code to inflict damage. And this, as I see it, gets to the real heart of the matter. However, I wouldn't go as far as Professor Richards in calling for regulation of code.


While I believe that Apple has a valid First Amendment argument in their fight against the government, I also think the simple slogan of "code is speech" and what it implies is clumsy. Computer code can be used to achieve great things including giving power to the powerless and limiting the power of the powerful. In that way, it is no different from traditional values of political dissent, art, and philosophy.

Wednesday, March 09, 2016


Get used to America, we just may not be that unique.

An interesting approach to limit wasteful exchanges of political favors during election cycles. "In ancient Athens, not only juries but many office-holders were selected by lot. But the most intriguing unpredictable election process was probably that of the medieval Venetian Republic. In Venice, many political offices were selected by a repeated cycle of lottery, vote, .... lottery, vote."

The Ukrainian power grid was hit by Russian-sponsored hackers late last year. Kim Zetter has the compelling story. The scary part - "the control systems in Ukraine were surprisingly more secure than some in the US, since they were well-segmented from the control center business networks with robust firewalls."

Oh France! Why? "[T]he French National Assembly has amended a pending counterterrorism bill to impose heavy penalties on technology companies that fail to cooperate in decrypting communications relating to terrorism investigations."

Science is messy. "An influential psychological theory, borne out in hundreds of experiments, may have just been debunked. How can so many scientists have been so wrong?"

Artificial "octopus skin" for robots - what more needs to be said.

While bitcoin is having some success, maybe it's the blockchain that will be the real 'game changer.' "Goldman Sachs says the technology 'has the potential to redefine transactions' and can change 'everything.'"

"Legal marijuana may be doing at least one thing that a decades-long drug war couldn't: taking a bite out of Mexican drug cartels' profits."

Could the insurance industry help reform American policing? Radley Balko found "several examples in which insurers had demanded changes to policies regarding the use of SWAT teams, usually after one or more incidents that resulted in a payout to someone shot or injured during a police raid...[T]he financial incentives insurers can offer to cities and towns for good policing are powerful."

Bonds by William Dupre
All that we look to spend
To suit a legacy
With others there to lend
The bonds that are not free.
The sense we must abuse
And trespass to for-give
On lies we like to use
For lives we long to live.
We must, but no alone,
End the art to deceive,
Lest what we love be gone
And we ourselves take leave
Of senses that are the
Guise of what is to be.

Thursday, March 03, 2016

Security Roundup

I've been blogging a lot about security lately, but there is a lot going on to blog about. Here is a roundup of some hot news items.

ACLU: You can kiss trust in software updates goodbye if Apple's forced to help the FBI: "What the government seeks here is an authority that would undermine American and global trust in software security updates, with catastrophic consequences for digital security and privacy."

We are currently dealing with the consequences of intentionally weak cryptography. The latest is the DROWN attack which exploits bad decisions made by the U.S. government during the 1990s Crypto Wars. "Today, some policy makers are calling for new restrictions on the design of cryptography in order to prevent law enforcement from 'going dark,'...[H]istory's technical lesson is clear: Weakening cryptography carries enormous risk to all of our security."

The U.S. government has funded projects like TOR and Open Whisper with the intention of giving dissidents across the world the ability to communicate freely. So, is the government fighting itself on encryption? "We thought the risks of not allowing the Internet to be secure and a vehicle for free speech was more detrimental than the risks of bad guys using it in ways that made it harder to go after them."

Could the Feds get into iPhones without Apple's help? Maybe they should ask the NSA.

Wednesday, March 02, 2016


  • An open-source alternative to Android Wear OS
  • Wonderful piece, great player
  • Pirates of the 21st Century!
  • Help Wanted for hackers - "Some groups also offer incentives for new talent, such as promising fame and notoriety, profit-sharing, and travel expenses."
  •  How to make good decisions? Don't ignore the base rate.
  •  FBI's Tor hack shows the risk of subpoenas to security researchers - "If you're a researcher, you need to think: Am I going to get subpoenaed here? Should I be gathering this information and risking putting it into the wild?"

Oh, God! a lipogram in O by William Dupre
Oh! To know God’s blood,
Don’t brood on school’s rot
Or cool to Mom’s cocoon -
Stomp on roots of doom!

Look to books for food
To stop torpor’s hoofs.
Don boots to crook cons
Or to loot God’s boon.

Go now! Look how blooms
Took to soot on sod
On footholds of foo
To grow food for fools!

Pirate Ship image courtesy of EricaMaxine Price at Fine Art America