Skip to content

Google wins lawsuit, can continue to use facial recognition tech on users without consent

A federal judge has thrown out a lawsuit that alleged Google’s nonconsensual use of facial recognition technology violated users’ privacy rights, allowing the tech giant to continue to scan and store their biometric data.

The lawsuit, filed in 2016, alleged that Google violated Illinois state law by collecting biometric data – as biologically unique to users as fingerprints – without their consent. The data was harvested from their pictures stored on Google Photos.

The plaintiffs wanted more than $5 million in damages for “hundreds of thousands” of users affected, arguing that the unauthorized scanning of their faces was a violation of the Illinois Biometric Information Privacy Act, which completely outlaws the gathering of biometric information without consent.

Google countered that the plaintiffs were not entitled to any compensation, as they had not been harmed by the data collection. On Saturday, US District Judge Edmond E. Chang sided with the tech giant, ruling that the plaintiffs had not suffered any “concrete harm,” and dismissing the suit.

As well as allowing Google to continue the practice, the ruling could have implications for other cases pending against Facebook and Snapchat. Both companies are currently being sued for violating the Illinois act.

Amid rising alarm from privacy activists, biometric scanning has become ever more ubiquitous in recent years. The technology has been deployed at American airports, Russian subways, and by British police – despite being unreliable and unregulated in most jurisdictions.

Reference

https://www.rt.com/usa/447902-google-facial-recognition-lawsuit/

Serverless Computing: One Step Forward, Two Steps Back

As everyone rushes to “the Cloud” as the solution for all our computing resource needs, one voice is challenging the sales pitch of cloud vendors.  This paper is interesting when it comes to the bandwidth of lamda functions – and how the cloud vendor restricts the performance.  Also they raise the spectre of “lock in” with a set vendor.  As a newcomer to AWS and Lambda, this paper has challenged my expectations.

As a result, serverless computing today is at best a simple and powerful way to run embarrassingly parallel computations or harness proprietary services. At worst, it can be viewed as a cynical effort to lock users into those services and lock out innovation.

 

**Biggest consideration for Lambda functions*

I/O Bottlenecks. Lambdas connect to cloud services—notably,
shared storage—across a network interface. In practice, this
typically means moving data across nodes or racks. With FaaS,
things appear even worse than the network topology would
suggest. Recent studies show that a single Lambda function
can achieve on average 538Mbps network bandwidth; numbers
from Google and Azure were in the same ballpark [26]. This is
an order of magnitude slower than a single modern SSD. Worse,
AWS appears to attempt to pack Lambda functions from the
same user together on a single VM, so the limited bandwidth
is shared by multiple functions. The result is that as compute
power scales up, per-function bandwidth shrinks proportionately. With 20 Lambda functions, average network bandwidth
was 28.7Mbps—2.5 orders of magnitude slower than a single
SSD 

**Distributed Computing**

FaaS Stymies Distributed Computing. Because there is no network addressability of serverless functions, two functions can work together serverlessly only by passing data through slow and expensive storage. This stymies basic distributed computing.

For FaaS, event handling still requires passing pieces of the global state from slow
storage into and out of stateless functions, incurring time and cost.

Current serverless infrastructure, intentionally or otherwise, locks users into either using proprietary provider services or maintaining their own servers

***Performance put to the test***

The first replaced Lambda’s role in the application with an EC2 machine to receive SQS message batches—this showed a latency of 13ms per batch averaged over 1,000 batches—27× faster than our “optimized” Lambda implementation. The second experiment used ZeroMQ to replace SQS’s role in the application, and receive messages directly on the EC2 machine. This “serverful” version had a per batch latency of 2.8ms—127× faster than the optimized Lambda implementation.

 

In this paper we purposely focused on the limitations of public FaaS APIs, and argued that they are disappointingly far from ready for general-purpose, data-rich programming.

 

Comment

Cloud computing performance (Lambda) has been  significantly slower than expected in my limited experience.  So far,  in practice – the response of AWS has been significantly slower than legacy systems.

Vendor “lock in” is a real area of concern, as we appear to be returning the early propriety era of Unix, rebranded as “Cloud”.

Reference

Cornell University

https://arxiv.org/pdf/1812.03651.pdf

TLS 1.3 – a Visual Guide

A revised edition in which we dissect the new manner of secure and authenticated data exchange, the TLS 1.3 cryptographic protocol.

Reference: https://tls13.ulfheim.net/

tls 1.3 first

Next,

tls 1.3 second

Then,

tls 1,3 third

Finally,

tls 1.3 fourth

Tim Cook – BBC – Our own information is being weaponised against us – Surveillance

But at the International Conference of Data Protection and Privacy Commissioners in Brussels this week, he painted a dystopian picture of his industry.

He described what he called a data industrial complex, with our data scooped up, traded and used to shape what we saw online.

“Our own information, from the everyday to the deeply personal, is being weaponised against us with military efficiency,” he told his audience of regulators.

“We shouldn’t sugarcoat the consequences. This is surveillance. And these stockpiles of personal data serve only to enrich the companies that collect them.”

He praised Europe’s tough new privacy law the GDPR and called for the United States to bring in something similar.

Now given how much irritation and hostility towards GDPR there was from American tech companies in the run-up to its implementation, this feels like a remarkable turnaround. Even more remarkably, the message about the merits of regulation was backed by Mark Zuckerberg.

In a video message to the same conference, he said Facebook shared the values behind GDPR.

Mind you, he insisted that users were aware of the trade-off between a free service and advertisements, and what that involved in terms of their data.

“People consistently tell us that they want a free service and that if they going to see ads to get it, then they want those ads to be relevant,” he said.

China contradiction?

Others made the point that it is easy for Tim Cook to take a sanctimonious line on privacy, when Apple’s business model depends on selling expensive hardware rather than collecting vast amounts of data to use in targeting advertising.

Alex Stamos, who’s just stepped down as Facebook’s Chief Technology Officer, was quick to point out that Apple doesn’t give much privacy to Chinese iPhone users who are barred from installing a VPN to get round censorship.

Reference

https://www.bbc.com/news/technology-45993776

WikiLeaks reveals Amazon data centres ahead of DoD bid closure

A day ahead of the closing of bids for a massive US Department of Defence cloud contract, WikiLeaks has published the locations of Amazon’s data centres which, it claims, have been a closely held secret until now. Amazon is a frontrunner to win the US$10 billion contract.

The whistleblower website said the information was contained in an internal document from the cloud provider dating back to late 2015.

The DoD contract, known by its acronym JEDI — Joint Enterprise Defence Infrastructure — is meant to unite all Defence services under one cloud vendor as the CIA did in 2013 with Amazon at a cost of US$600 million

In August, a report in the American magazine Vanity Fair  said that the conditions laid down for the contract appeared to be sharply skewed to favour Amazon.

WikiLeaks said that a few of the data centres were publicly associated with Amazon but this was the exception. In most cases, the company was said to operate out of data centres owned by other companies and with no indication that it had a presence in these centres.

The data centres are located in Northern Virginia, Seattle, California Bay Area, Northeastern Oregon, Dublin, Luxembourg, Frankfurt, Beijing, Ningxia, Tokyo, Osaka, Singapore, Sydney, Sao Paulo and Rio de Janeiro.

Additionally, WikiLeaks said, Amazon sometimes ran its data centres under lesser known subsidiaries such as VaData. At its IAD77 data centre, the leaked document says that “Amazon is known as ‘Vandalay Industries’ on badges and all correspondence with building manager”.

The name Vandalay Industries was made famous by the Seinfeld character George Costanza who made it up when asked by an US dole official about the names of places where he had interviewed for a job.

WikiLeaks pointed out that in 2017, Amazon had announced the AWS Secret Region, which was storing data classified up to the Secret level by a range of government agencies and companies. Amazon won a US$600 million contract with the CIA in 2013.

The US Government has said it is looking for a single provider and other companies that are bidding, like Oracle and IBM, have made formal protests about this requirement.

Reference

https://www.itwire.com/data-centres/84872-wikileaks-reveals-amazon-data-centres-ahead-of-dod-bid-closure.html

The Illustrated TLS Connection

Amazing for learning TLS!

Reference:

https://tls.ulfheim.net/

Free, Highspeed and Private DNS

Nearly everything on the Internet starts with a DNS request. DNS is the Internet’s directory. Click on a link, open an app, send an email and the first thing your device does is ask the directory: Where can I find this?

Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads.

We think that’s gross. If you do too, now there’s an alternative: 1.1.1.1

 

Privacy First: Guaranteed.

We will never sell your data or use it to target ads. Period.

We will never log your IP address (the way other companies identify you). And we’re not just saying that. We’ve retained KPMG to audit our systems annually to ensure that we’re doing what we say.

Frankly, we don’t want to know what you do on the Internet—it’s none of our business—and we’ve taken the technical steps to ensure we can’t.

Reference:

https://1.1.1.1/

Graduate Student Solves Quantum Verification Problem

Now, after eight years of graduate school, Mahadev has succeeded. She has come up with an interactive protocolby which users with no quantum powers of their own can nevertheless employ cryptography to put a harness on a quantum computer and drive it wherever they want, with the certainty that the quantum computer is following their orders. Mahadev’s approach, Vazirani said, gives the user “leverage that the computer just can’t shake off.”

Their procedure relies on what’s called a “trapdoor” function — one that is easy to carry out, but hard to reverse unless you possess a secret cryptographic key. (The researchers didn’t know how to actually build a suitable trapdoor function yet — that would come later.) The function is also required to be “two-to-one,” meaning that every output corresponds to two different inputs. Think, for example of the function that squares numbers — apart from the number 0, each output (such as 9) has two corresponding inputs (3 and −3).

Armed with such a function,   you can get a quantum computer to create a secret state as follows: First, you ask the computer to build a superposition of all the possible inputs to the function (this might sound complicated for the computer to carry out, but it’s actually easy). Then, you tell the computer to apply the function to this giant superposition, creating a new state that is a superposition of all the possible outputs of the function. The input and output superpositions will be entangled, which means that a measurement on one of them will instantly affect the other.

Next, you ask the computer to measure the output state and tell you the result. This measurement collapses the output state down to just one of the possible outputs, and the input state instantly collapses to match it, since they are entangled — for instance, if you use the squaring function, then if the output is the 9 state, the input will collapse down to a superposition of the 3 and −3 states.

But remember that you’re using a trapdoor function. You have the trapdoor’s secret key, so you can easily figure out the two states that make up the input superposition. But the quantum computer cannot. And it can’t simply measure the input superposition to figure out what it is made of, because that measurement would collapse it further, leaving the computer with one of the two inputs but no way to figure out the other.

In 2017, Mahadev figured out how to build the trapdoor functions at the core of the secret-state method by using a type of cryptography called Learning With Errors (LWE). Using these trapdoor functions, she was able to create a quantum version of “blind” computation, by which cloud-computing users can mask their data so the cloud computer can’t read it, even while it is computing on it. And shortly after that, Mahadev, Vazirani and Christiano teamed up with Vidick and Zvika Brakerski(of the Weizmann Institute of Science in Israel) to refine these trapdoor functions still further, using the secret-state method to develop a foolproof way for a quantum computer to generate provably random numbers.

Mahadev could have graduated on the strength of these results, but she was determined to keep working until she had solved the verification problem. “I was never thinking of graduation, because my goal was never graduation,” she said.

Reference

https://www.quantamagazine.org/graduate-student-solves-quantum-verification-problem-20181008/

World wide web has become a Frankenstein’s monster: Creator Sir Tim Berners-Lee admits his brainchild is now ‘an engine of inequity and division’ as he launches audacious bid to fix it

The inventor of the world wide web has admitted that he’s become disillusioned by his creation because it has become ‘an engine of inequity and division.’

Sir Tim Berners-Lee created the web in 1989 with the idea that the sharing of information would benefit all mankind – but now, he says it is ‘swayed by powerful forces who use it for their own agendas.’

In a blog post, the 63-year-old spoke of how the public have developed a mistrust of apps that ‘have an ulterior motive.’

In the wake of the breach of millions of people’s Facebook data by Cambridge Analytica, he revealed he has been working on a new online platform that would help users regulate the personal information they share online and how the data is stored.

I’ve always believed the web is for everyone,’ he wrote.

‘That’s why I and others fight fiercely to protect it. The changes we’ve managed to bring have created a better and more connected world.

‘But for all the good we’ve achieved, the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas.’

He added: ‘Today, I believe we’ve reached a critical tipping point, and that powerful change for the better is possible — and necessary.

This is why I have, over recent years, been working with a few people at MIT and elsewhere to develop Solid, an open-source project to restore the power and agency of individuals on the web.’

Sir Tim is launching his startup company Inrupt off of Solid, a decentralised web platform he and others at Massachusetts Institute of Technology have spent years working on, this week.

Its aim is to decentralise the web and take back the reins of power from the likes of Google, Facebook and Amazon.

He is also working on a digital assistant called Charlie as a rival to Amazon’s Alexa which is also aiming to give people more control of their data.

People want apps that help them do what they want and need to do — without spying on them, Sir Tim added.

‘Apps that don’t have an ulterior motive of distracting them with propositions to buy this or that. People will pay for this kind of quality and assurance.’

With Inrupt, users can create their own ‘personal online data store’ – or POD – to house anything from contact lists to music libraries.

The technology is designed to bring together the functions of programs such as Google Drive, Microsoft Outlook, Slack, Spotify and WhatsApp in one place.

Sir Tim says the intent behind his startup is ‘world domination’ in an exclusive interview with Fast Company.

The site noted that the comment was said in jest – but was also true.

‘It’s a historical moment,’ Sir Tim said. ‘We have to do it now.’

As of this week, tech developers around the globe can create their own decentralisd apps using the tools available on the Inrupt website.

One of Solid’s key features is that people are in charge of deciding who can access the information they store within their PODs – which the company refers to as ‘personal empowerment through data’.

Inrupt is said to have the potential to completely upend the business models of companies like Facebook and Google, who have raked in profits from quietly selling user information to third parties.

An avid defender of net neutrality, Sir Tim added: ‘We are not talking to Facebook and Google about whether or not to introduce a complete change where all their business models are completely upended overnight.

‘We are not asking their permission.’

Reference:

https://www.dailymail.co.uk/news/article-6226329/World-wide-web-Frankensteins-monster.html

%d bloggers like this: