Thursday, January 27, 2011

More on Stuxnet

In an earlier post, I wrote about the theory that Stuxnet was created and deployed by the U.S. and Israel. I deplored the deed because it also unleashed a powerful and - to my knowledge - unprecedented form of malicious software that will certainly be copied and re-used for all sorts of mischief.

The January 26, 2010, edition of the New York Times includes two op-ed pieces on Stuxnet. In "25 Years of Vandalism," William Gibson (author of Neuromancer and coiner of the word "cyberspace") traces the history of hacking to 1986. He also claims that it is less likely that Stuxnet is "a cyberweapon purpose-built by one state actor to strategically interfere with the business of another" than "a piece of hobbyist 'street' technology." If he's right, this is probably even worse news than I thought. It seems likely that hobbyist crackers - who are probably more numerous and even less discerning than governments - can adapt each others' code more readily than the kind of sophisticated worm Stuxnet has been described as elsewhere.

Indeed, the other op-ed, "From Bullets to Megabytes" by Richard A. Falkenrath, former "deputy homeland security adviser to President George W. Bush," describes Stuxnet as a "sophisticated half-megabyte of computer code." Falkenrath's analysis of the fallout from Stuxnet is also more sophisticated on mine, touching on the likely effect on relationships between governments and the global information technology industry as well as raising questions about the legality of the authorization of the use of such malware by the U.S. President.

It's a scary place out there.

Ken Pimple, PAIT Project Director

Wednesday, January 26, 2011

"Attention Turns to the Dangers of Distracted Pedestrians"

Fresh on the heals of news that T-Mobile and other mobile phone carriers are serious about providing protection against distracted driving (see my earlier post), the New York Times (January 25, 2011) reports that several states - New York, Oregon, Virginia, California, and Arkansas are named - have passed, tried to pass, or are thinking of passing laws to ban pedestrians and bicyclists from using mobile phones and media players with headphones or ear buds.

A surprising number of people walk or run right in front of a moving car when entranced by their music, often with fatal consequences. The curmudgeon in me just wants to nominate such people for the Darwin Award, but death is an awfully steep penalty for a moment's distraction, and the innocent drivers involved in such collisions must be seriously traumatized.

Before legislation started popping up banning texting while driving, I wondered whether it would be possible or effective simply to define distracted driving as reckless driving. That legal move, plus a good deal of public education, might be a good deterrent. There's probably an analog for bicyclists, but is there for pedestrians?

At any rate, no matter how much we love our devices, and how much actual value they add to our lives, we really shouldn't let them eradicate our good sense.

Ken Pimple, PAIT Project Director

Tuesday, January 25, 2011

"Google and Mozilla Announce New Privacy Features"

According to this New York Times article, Google's browser (Chrome) and Mozilla's (Firefox) will soon have the capability to send a "do not track" signal to Web sites they visit. Although they take different approaches, the opt-out feature of both browsers will, in essence, ask each Web site visited not to track the user. The new features will have no effect at sites that are not so configured.

These features do not seem as robust as Microsoft's (which I mentioned in an earlier post), which will allow the user to block Web sites based on a do-not-track list that users will be able to import to their browsers or create themselves. (See Microsoft's announcement for details.)

The comments posted by readers to the article about Google and Mozilla are generally disdainful of their approach - relying on industry to voluntarily implement the software that will make the privacy features work. Probably safe and legitimate sites will do so, but predatory sites will certainly not.

The comments also offer a few suggestions for dealing with this problem, including already available plug-ins (extensions).

Ken Pimple, PAIT Project Director

Friday, January 21, 2011

"Cell Carriers Explore Ways to Limit Distracted Driving"

This article in the January 20, 2011, New York Times, describes the announcement by T-Mobile of a service that "for $4.99 a month, automatically disables rings and alerts and sends calls to voice mail when the phone is in a moving car." The feature can be disabled by passengers or foolhardy drivers. Other carriers are exploring the same idea.

I think that using a mobile phone while driving - whether texting or talking, hands-free or hands-on - should be illegal. Distracted driving is dangerous. But until we pass laws or change our culture, this kind of feature is welcome.

Ken Pimple, PAIT Project Director

"Israel Tests on Worm Called Crucial in Iran Nuclear Delay"

This article, published January 15, 2011, in the New York Times, lays out a case to show that the United States and Israel created and used the Stuxnet computer worm to delay Iran's nuclear program.
By the accounts of a number of computer scientists, nuclear enrichment experts and former officials, the covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British.
Stuxnet does its damage by taking over a specific controller, the Siemens P.C.S.-7, which is used to run all kinds of industrial machinery. In particular, Stuxnet targeted the controllers of the centrifuges used by Iran to enrich uranium into a form that can be used to fuel a power plant or create a nuclear weapon. The P.C.S.-7 is widely used, and it seems likely that Stuxnet could be adapted to attack other nuclear refineries or even other kinds of plants - water treatment facilities, power plants, and so forth.

It seems to be widely agreed that Stuxnet is too sophisticated to have been created by your run-of-the-mill, or even stand-out, cracker, meaning that it was most likely created by one or more governments or corporations. The claim that it was crafted by the United States with Israeli help strikes me as credible, and I am glad that Iran's nuclear ambitions have been delayed.

However, the origin and results of this (apparently) first use of Stuxnet are not my concern here. To me, the biggest issue is that this sophisticated software is out there, available for study. I find this to be the most disturbing paragraph in the article:
“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.
Someone, whether the U.S. or someone else, carefully crafted a genie, and then let it out of the bottle. The world may be a bit more safe from Iran's nuclear program for the moment, but I can't help wondering whether it's a net gain in security.

Ken Pimple, PAIT Project Director

Tuesday, January 4, 2011

Update: "A Faustian Exchange"

This appears to be an update of an earlier post. My thanks to Jason Borenstein for sending this my way. - Ken

AI & SOCIETY: Celebrating the 25th birthday anniversary

Call for Papers

Theme: ‘A Faustian Exchange: What is to be human in the era of Ubiquitous Technology?’

As part of the celebration of the 25th birthday anniversary of AI&Society in 2012, we are planning three inter-linked activities: a Special Birthday volume; Academic Workshop/Conference in Cambridge, and a Public installation event at the Dana Centre, Science Museum, London. In the age of pervasive and streaming technologies, we get a deep sense that the more we get caught up in a process of self-commodification, the more we are threatened with the loss of our existential autonomy. We have become accustomed to perceiving and thinking in singularities and individualism, rooted deeply into the techno-industrial culture of competitiveness and the possibilities inherent in technology. Since its inception, the theme of Judgment to Calculation has been central to the ongoing debates in the journal. In the early days of AI, Prof. Weizenbaum in his seminal book, Computer Power and Human Reason (1976), warned us against instrumental reason and giving machines the responsibility for making genuinely human choices.

There is a legitimate concern that further advances in pervasive technology could create profound social disruptions and even have dangerous consequences, forcing humans to learn to live with machines which increasingly copy human behaviours. But how is it possible to reconcile the widening gaps between constructed reality and the basic reality of the human condition? The challenge is to recalibrate the spiral of Judgment to Calculation, moving forwards from Calculation to Judgment. We feel that the time has now come to square the circle and provide a forum for a debate on the theme of ‘Faustian Exchange: what it is to be human in Ubiquitous Technology’, reflecting the complex, uncertain, multicultural and interconnected world we live in.

Issues and Concerns
Pervasive technology has great potential and possibilities in many realms of human society, including medicine, healthcare, agriculture, transportation, education, commerce, arts and culture, scientific research and discovery. However, we should remain vigilant about the profound implications of the mediating technologies on human life.
  • What are the consequences of man’s reliance on technology in deciding and pursuing what is truly valuable?
  • What is it to be human when being mediated by technology in contrast to how we are in the presence of others?
  • How do we make our presence felt in the wilderness of the post-human and the extended mind?
  • How does this new pervasive technology affect society? How do we interact with the technologies embedded in our world? Have we gone beyond the frontiers of control?
  • How do we deal with the dilemma that singularity represents not simply the passing of humankind from center stage, but that it contradicts our most deeply held notions of being?
  • A robot for granny – Is there a technocratic fix for every social “problem”?
  • What would it be like designing technological systems for nurturing the well-being of human kind?
  • What can arts, literature, music and culture contribute to the debate on Faustian Exchange?
  • Can the sorcerer’s apprentice shed some light on increasing preoccupation of technologising the academy and turning universities into theme parks of extended websites?
  • How do we transcend the ‘bipolar tendency’ of the market culture, and ‘deal with the swings between prophesies of doom that serve only to paralyze us further, and the unbridled consumerism that makes things worse’?
  • Does the recent financial crisis at last make us see through the myth of the culture of ‘anti-intellectualism’ and the ‘end of history’?
  • What have we gained and what have we lost in the Faustian Exchange? Have we already bargained our soul for the seductive power of instrumental technology?
This special 25th anniversary issue of AI&Society will explore ways to optimize technology for society beyond the question of could we and should we. We welcome contributions for this special volume, and look forward to receiving expressions of interest, position papers/ abstracts, full papers:

Call for papers: 5 October 2010          
Abstracts: 25 January 2011 (approx 500 words)
Full articles (upto 6000 words): 15 July 2011    
Publication: July/August 2012

Karamjit S Gill
Editor, AI&Society: journal of knowledge, culture ad communication

"When Computers Keep Watch"

This article from the New York Times (January 1, 2011) describes advances and uses of computerized analysis of visual images of people, including face recognition. The first example is of a system that monitors a prison yard in an annual training exercise for correctional officers.
Perched above the prison yard, five cameras tracked the play-acting prisoners, and artificial-intelligence software analyzed the images to recognize faces, gestures and patterns of group behavior. When two groups of inmates moved toward each other, the experimental computer system sent an alert - a text message - to a corrections officer that warned of a potential incident and gave the location.
Other examples include a computer-vision system that reminds hospital personnel to wash their hands when they are supposed to; another mounted behind a mirror that can "read a man's face to detect his heart rate and other vital signs;" a third can "analyze a woman’s expressions as she watches a movie trailer or shops online, and help marketers tailor their offerings accordingly."

Like most pervasive technologies, these computer-vision systems clearly have the potential to be beneficial in many ways, but also could easily be misused to violate privacy and cause other kinds of harms. As I read the article, the possibility of abuse by employers occurred to me before I reached this passage:
At work or school, the technology opens the door to a computerized supervisor that is always watching. Are you paying attention, goofing off or daydreaming?
Some people will argue that such a use would be justified because it would lead to great productivity and a thriving economy. Others, such as myself, would call it tyrannical; and I'd go on to say that there may be problems with ever-growing economies.

The examples above of the mirror that reads vital signs and the computer that monitors the reactions of shoppers or movie watchers are made possible by the research of Rosalind W. Picard and Rana el-Kaliouby at M.I.T. They have worked "for years" to apply "facial-expression analysis software to help young people with autism better recognize the emotional signals from others that they have such a hard time understanding" and co-founded a company, Affectiva, to market the software.

I am most alarmed by the use of these technologies to improve marketing and advertising, the practical science(s) of behavior control. Big business has the money and the incentive to propel the use of this software far and fast. What if the marketers actually perfect their art? Perfect marketing is perfect behavior control, and it might be reached under the flag of economic development with the blessing of our dominant paradigm. I find the fact that this may be made possible by the work of people who wanted to help people with autism bitterly ironic.

Ken Pimple, PAIT Project Director