Amazon: All About Customer Experience?

Millions of people have benefited from Amazon’s single-minded quest to create frictionless commerce. Pretty much everything it might occur to us to want—from a book to laundry detergent to a snow blower—arrives, if not overnight, well before we’ve forgotten ordering it. Customer reviews, price comparisons, and Q&As guide our choices and let us weigh in with praise or complaints.

Behind that wall of customer-facing information is a lot of other information. About us. Information we have trusted the company with. Yet it seems Amazon has done a remarkably poor job minding that particular store. In the current issue of Wired, Will Evans writes about “Amazon’s Dark Secret”—one that’s been obscured by Amazon’s disingenuous assertions that privacy is “sewn into” everything the company does. (Read the full eye-popping article from Reveal and Wired here.)

Too many of the company’s 575,000 employees worldwide have access to customer data. This has allowed low-level employees to snoop on purchases made by celebs, to use customer data to help third-party sellers sabotage their competitors, to mess with Amazon’s product review system, and to enable sale of low-quality knock-off products.

Our data were so readily available that, for years, Amazon didn’t even know where the relevant databases—including credit card numbers—were. Funny, hackers could find them. If a design team wanted a database, it was readily available to them. If they made a copy, no one in the company security apparatus knew. In short, “Amazon had thieves in its house and sensitive data streaming out beyond its walls.”

Management for years turned a blind eye to these problems. Raising a red flag was a good way for an employee, including members of the too-small security staff, to get shut down or shut out. The whole edifice became shakier when the EU established its General Data Protection Regulation, and Amazon, like every other company dealing with EU members’ citizens, had to comply by the May 2018 deadline.

Amazon spokespeople deny the general tenor of the article and emphasize progress that’s been made, but you might want to read the whole electrifying saga. Bits and pieces of this story have been coming out for several years, but like Gerald Posner’s excellent God’s Bankers, pulling all these stories together in a coherent narrative, as here, makes for a compelling indictment.

The 21st Century P.I.

Writers who focus on stories about crime are doubtless aware that the job description of today’s private detective has expanded dramatically. Tyler Maroney, in his book The Modern Detective: How Corporate Intelligence is Reshaping the World, looks far beyond the old-fashioned gumshoe, sitting in his beater, chain-smoking and sipping from a flask outside a no-tell motel. In fact, several of the books I’ve enjoyed most this year take advantage of investigators’ diverse roles–like New Jersey Noir: Cape May, and The Measure of Time.

Says Maroney, who has his own firm, Quest Research & Investigations, America’s 35,000 private investigators “are everywhere,” working for a long list of clients–large companies, government agencies, A-list movie stars, professional athletes, non-profits, sovereign nations, media organizations, and business tycoons. They work for lawyers preparing cases and politicians running for office. Why are they hired? To uncover wrongdoing, right wrongs (real or perceived), satisfy curiosity, and find someone or something, for revenge or competitive advantage. Sometimes the hiring is in a worthy cause, and sometimes it’s merely to feed paranoia.

The book describes a series of interesting cases, among them helping a civil rights law firm free a wrongly incarcerated client, using computer forensics to ferret out employee fraud, conducting background checks on company executives before a client invests, recovering assets from American debtors hiding abroad, and negotiating with foreign strongmen. In the chapter on a surveillance assignment, he says (and this will be contrary to every television show you’ve ever seen) that investigators cannot lie to a subject; they cannot impersonate or deceive. In many states, they cannot fabricate their identities. Despite the many prohibitions, Maroney says, “about once a month in my job, someone asks me to break the law.”

There are good stories here and no doubt equally good ones buried in some of those illegal requests. Enough story ideas to last the decade!

The sheer variety of the work is fascinating, especially for those who write about crime and what it takes to ensure an investigator’s clients “get the hidden information they need. We are lubricant, bandage, and weapon.”

Find it on Amazon or at your local indie bookstore.

Progress or Peril for Workers?

Warning: This is a post that may well fall into the category of free-association or, less kindly, half-baked. Three magazine articles I’ve caught up on this past week had something to say about the world of work, which seems headed for a collision with the future.

First up was a rather breathless article in the January/February issue of Metropolis (link to article here), about the rapid advances in 3D printing that extrudes cement to create entire buildings. “Companies worldwide are automating the construction of homes, offices, and other structures through techniques like 3D printing, robotic finishing, and automated bricklaying,” which lays down brick three times faster than a human.

“The possibility of automation soon becoming the norm in construction is not so far-fetched.”

Benefits the author cites are: improving construction efficiency, sustainability, and worker safety, while increasing the housing supply and even remedying labor shortages. Still, according to the federal Bureau of Labor Statistics, 7.2 million Americans had construction jobs in July 2018—“the highest employment level for the construction industry in a decade,” with 7.5 million jobs projected by 2026. (The prognosticators must not read Metropolis.)

According to one builder, its automated processes can produce housing units in two or three weeks at about 40 percent lower cost than conventional construction and with “almost zero construction waste” (a good thing).

Sounds great, right? But who’ll look out for the people who want relatively good-paying construction jobs, enjoy building things where they can see the results, and don’t want to sit at a desk day in and day out writing software code? “Saving labor costs,” which is an argument implicit in the article but tactfully unstated, means lost jobs.

Impact on Workers

In Wired, a story reported on a 25-year-old bet on the future of technology that pitted one man’s rosy view against another’s dire outlook (both were half-right). A concern of the anti-tech guy (Kirkpatrick Sale, who had just written a book extolling the Luddites) was that technology “stole decent labor from people.” I hope Sale doesn’t read the Metropolis article; he’ll have a stroke.

Finally, historian Jill Lepore’s New Yorker article, “What’s Wrong with the Way We Work,” unearths some even earlier predictions. No less a personage than economist John Maynard Keynes said that, a hundred years in the future (starting date unstated), people would work no more than 15 hours a week, and everyone would suffer from boredom.

“It is a fearful problem for the ordinary person,” Keynes said, “with no special talents, to occupy himself.” Being confined to home during the pandemic has shown that even people with special talents can enter the realms of ennui and discontent.

Meanwhile, we know whose playthings those idle hands are. It’s worth remembering that the majority of people arrested after the January 6 insurrection have a record of serious financial troubles. It’s probably not too much of a stretch to wonder how many of those arise, at least in part, from a lack of good-paying jobs. In construction, for example.

I don’t know whether there’s anything worth thinking about here, or if these are just disconnected ramblings. If you have thoughts, I’d love to read them.

Goalposts Moved for Spy Writers


The Cipher Brief presentation this week from John Sawers, former Chief of the British Intelligence Service (MI6), covered a lot of ground, including how the world of espionage is changing in the networked age. John le Carré taught us how to understand the motives and tradecraft of Cold War spies, but those days are over. Writers about espionage, like those in the trade itself, must learn new skills.

Tradecraft Trends

Sawers emphasized the shifting importance of the data analyst versus the case officer. In the old days, case officers recruited, trained, and ran their agents. They were, in a way, laws unto themselves. Not any more. James Bond’s “Q” (pictured, as played by Desmond Llewelyn) is no more; agents don’t ask the technologists for help solving a problem; instead, the data analysts and technologists help design the intervention from the outset.

This evolution takes place at a time when the domestic security services of target countries have upped their games considerably. They too may have sophisticated analytic capability, which changes how foreign agents must operate. An example Sawers gave is the availability of facial recognition software and biometric identification. The old methods of disguise—so integral to the spectacular television series, The Americans, set in the 1980s—are next to useless. “The technology is neutral,” he said, and security services have to make it an ally. Our fictional spies can’t put on a wig and run rampant in foreign nations any more.

Strategic Trends

Like many analysts, Sawers keeps a wary eye on China. The country’s behavior around the pandemic has led to “the scales falling from the eyes of EU countries” who’d been less prone to criticize it. While, as writers, we recognize that the Xi Jinping China of today is not the same China that Deng Xiaoping led just over thirty years ago, I admit to being a fan of Tang Dynasty China (700 AD), so I’m really 1300 years behind the times.

Sawers says Western nations are good at identifying security challenges originating from China, but it’s harder to counter Chinese economic strategies, like the Belt and Road Initiative. Yes, that is an effort to improve the infrastructure of various low-income countries, but it’s also a way to tie the economies of these countries to China and attempt to influence their politics.

Despite recent bumps, the relationship between the US and the UK runs very deep, Sawers maintained, and the two countries’ intelligence agencies’ relationship is solid. The longer-term unease will be between the US and other countries with which it is not as close. Can they trust us not to whipsaw them every four years? That lingering tinge of suspicion should inspire some juicy plot points.

Sawers says the political upheavals and divisions that have occurred in both our nations are at least partly an aftershock of 2008’s economic collapse. This is especially interesting in light of a 2/10 Washington Post report that nearly 60 percent of people facing charges from the January 6 insurrection have a higher-than-average history of serious money troubles: bankruptcies, evictions and foreclosures, bad debts, lawsuits over money owed, or unpaid taxes. Something to keep in mind if these disaffected folk are characters in your new story!

Out of the Frying Pan

Just when we might indulge in a huge sigh of relief about the narrow escape our democracy has just experienced, on the horizon looms a more-than-plausible thriller about the disastrous consequences of deteriorating U.S.-China relations.

If you like political or military thrillers, get yourself a copy of the current issue of Wired (29.02), which is entirely devoted to a four-chapter excerpt of 2034: A Novel of the Next World War, the new book by Elliot Ackerman (novelist, Marine with five tours in Iraq and Afghanistan) and Admiral James Stavridis, supreme allied commander of NATO from 2009 to 2013 and recent Dean of Tufts University’s Fletcher School of Law and Diplomacy.

The Wired editors explained this unusual choice by saying that, while their content is often wildly optimistic about the future, sometimes they must take pains “to envision futures that we really, really want to avoid.” Cold War-era fiction laid out the grim path the great powers were on. As Stavridis explained, they made “the unthinkable as vivid as possible.” The cautionary tale 2034 tries to do the same.

I’ve read the first chapter, which starts, not surprisingly, in the flashpoint of the South China Sea, where a trio of U.S. destroyers is on a “freedom-of-navigation” patrol.

You may recall that IRL, China has been creating and weaponizing artificial islands in the sea, has seized our drones there, and is gradually asserting an expanded zone of influence. Why do we care? About a third of world commerce passes through those waters, which are the primary link between the Pacific and Indian oceans; the sea has oil and gas reserves; and it is a gateway to many of our allies.

The fictional U.S. ships, their communications disabled, become surrounded by PRC warships, and must resort to signal flags to communicate with each other. (This reminds me of P.W. Singer and August Cole’s 2015 speculative thriller Ghost Fleet, in which U.S. military communications are compromised by malware embedded in cheap Chinese computer chips–a pound-foolish penalty of low-bidder procurement. To operate at all, the Navy must deploy ships, planes, and submarines that predate modern computers and wireless communications.)

The lesson from both books is that what we become most reliant on makes us vulnerable. It is as if the military has become like people who cannot get from home to office and back without GPS. In a sort of epigram, Wired offers this: “They fired blindly in the profound darkness of what they can no longer see, reliant as they had become on technologies that failed to serve them.”

Anyway, it’s a cracking good read, and it appears you can download the whole book as a pdf (or other format) here.

170427-N-ES536-0005 NORFOLK (April 27, 2017) Quartermaster 1st Class Jose Triana, assigned to the Pre-Commissioning Unit aircraft carrier Gerald R. Ford (CVN 78), attaches signal flags to a line. Ford’s “over the top” lines are being weight tested by the ship’s navigation department. (U.S. Navy photo by Mass Communication Specialist 3rd Class Elizabeth A. Thompson/Released)

Private Eyes: 2020 Incarnation


Patrick Radden Keefe in The New Yorker reviews a couple of recent books about the private investigation industry and its changing role. One of them, The Modern Detective: How Corporate Intelligence is Reshaping the World, by Tyler Maroney, was named a 2020 favorite by Kevin Burton Smith, who monitors PI stuff on his web site, for the Private Eye Writers of America, and for Mystery Scene.

More than thirty thousand private investigators are working in the United States, and while some of them engage in the activities that find their way into crime stories—investigating kidnappings, flagging cheating spouses or employees, and finding missing persons—a lot of what modern PIs do is less juicy corporate work. They check out potential employees, track missing assets, scour proposals for multibillion-dollar deals, assess corporations’ potential partners, engage in (presumably) white-hat hacking, and amass opposition research from the undrained swamp of politics.

These activities are ubiquitous in the corporate world today. Globalization, deregulation, and rapid technological change have created the opportunity for whole new chapters in the secret investigations playbook, as well as new criminal opportunities and strategies.

Despite the growth in that sector of the industry, tales of insider trading, corruption, and fraud are a regular feature of the news media. You have to wonder, is the investigations business simply ineffective in curbing bad behavior, or is the malfeasance we read about only the tip of what would be a glacier-sized iceberg if the investigators weren’t on the job?

Says Keefe, the book “is not an exposé. It is part memoir, part how-to guide, a celebration of the analytical and interpersonal intelligence that makes a great investigator.” Those are the traits that have given Poe’s Auguste Dupin and Conan Doyle’s Sherlock Holmes nearly a century and a half of popularity. Sounds like a must-read!

World-Rocking Reading List:
The Modern Detective: How Corporate Intelligence is Reshaping the World
Kleptopia: How Dirty Money Is Conquering the World
Broker, Trader, Lawyer, Spy: The Secret World of Corporate Espionage

Covid in an Era of Cyber Insecurity

12/3 Update: The attacks on health care entities attempting to address the Covid pandemic continue, with the latest hacker target–the cold chain necessary to distribute vaccines.

Since 2014, the United States has faced an increasing number of well-publicized cyber attacks. Although some have been severe, none have crossed the “traditional threshold of war,” as described by Garrett M. Graff in a November 2020 Wired article. To recap a few of these: In 2014, there was China’s theft of government personnel records and North Korea’s suspected hack of Sony; in 2016, Russia attempted to manipulate the presidential election; and more recently, we’ve seen numerous ransomware attacks on institutions and municipal governments, both large (Atlanta, Baltimore) and small.

In response to such threats, New York City created a citywide cyber command (the NYCCC) in July 2017. This centralized organization works across NYC agencies and offices “to prevent, detect, respond, and recover from cyber threats.” Geoff Brown, head of the NYCCC, described its challenges in a recent online briefing moderated by Cipher Brief founder Suzanne Kelly. A consolidated approach certainly has face validity, compared to asking a hundred different entities with personnel of varying training, skill, and interest to cobble together their own separate, inevitably not interoperable security plans. As Brown said, “We can’t predict what’s coming around the curve, but if we build resilient systems overall, we can respond well.”

Over the last year, in the face of Covid, the NYCCC has used its technical environment to “defend the defenders.” When city agencies moved to remote operations, that process also was aided by the NYCCC’s work. Not surprisingly, cyber adversaries took advantage of concerns about Covid to expand their intrusion attempts, knowing people would more quickly respond to queries and data requests that appeared to be Covid-related and ignore potential red flags.

It was incredibly sobering, Brown said, to reflect on how, in the middle of a life-threatening crisis, the health network itself became so vulnerable. As a result, NYCCC has worked with both the public and the private health care sectors to increase awareness of cyber vulnerabilities and strengthen their defenses. Never forget, he warned, that without extreme vigilance, the consequences can be deadly. He cited how a ransomware attack led to the recent death of a German man.

Understandably, health care systems have a fundamental concern about patient privacy, although even that makes the system subject to attack. Clearly, such attacks are corrosive, with damage beyond their initial impact, by damaging citizens’ all-important trust in governmental, public health, and social institutions.

The Perfect Weapon


In mid-October, HBO released its documentary, The Perfect Weapon, about growing cyber security risks (trailer). A recent Cipher Brief webinar featured David Sanger, national security correspondent for The New York Times, who wrote the book on which the documentary was based, and Mary Brooks, who contributed to both his book and the documentary, and was moderated by Cipher Brief founder Suzanne Kelly.

Creating a documentary based on a detailed, fascinating, and chilling 340-page book is a challenge. It had to be more interesting than 000s and 111s scrolling down the screen. There was a history to lay out. Director John Maggio decided to render the technology aspects of earlier cyberattacks in broad strokes and to humanize the story by focusing on the victims. This approach not only revealed how many sectors of society are vulnerable to cyber criminals, but also how diverse are the sources of these attacks.

The first cyber attack receiving much play in the United States was North Korea’s 2014 takedown of Sony in response to a movie it didn’t like. For that segment, Maggio’s team could interview actors and executives. It was harder to get the story of the next significant attack—this one by the Iranians on the Sands Casino in Las Vegas—because the casino executives don’t want to publicize it.

Since then, attacks have continued, most recently with ransomware attacks on US hospitals already stretched thin by the coronavirus, and on local governments in Florida, for example—after crippling attacks on Baltimore and Atlanta.

Though costly and significant, these episodes have not been serious enough to trigger retribution by the US government. “They are short of war operations,” Sanger said, “and deliberately calculated to be so.” The potential for much more consequential acts definitely exists. It is known, for example, that malware has been placed in the US power grid, where it sits. Officials don’t want to talk about it, or remove it, ironically, because they don’t want the bad actors to understand our detection capabilities.

Of course, the United States isn’t inactive in this arena. In 2010, our government and Israel used the malicious computer worm Stuxnet to disable Iran’s nuclear program, an action US officials won’t admit to even now, Sanger said. Unfortunately, the destructive Stuxnet code escaped into the wild and is now available to many black-hat hackers. Stuxnet “didn’t start the fire,” he said, “but it was an accelerant.”

Who is behind an attack can be murky. For various reasons, organized crime has increasingly muscled its way into the cyber-threat business. Governments hire hackers or external organizations to create havoc, because it gives them deniability. “Not us,” they say.

The US Cyber Command’s goal is to “defend and advance national interests.” However, the job of preventing attacks is difficult. It’s a challenge that requires considerable imagination, given an environment where the risks are escalating rapidly, the technology is improving constantly, and the targets have no boundaries. You may have read about recent threats to COVID vaccine research.

What exactly are the “national interests,” when American businesses have suppliers, clients, and customers all over the world? Companies don’t want to be perceived as working against those relationships. Google, for example, declined to participate in a military program to make drone attacks more accurate. Similarly, though Microsoft and the Cyber Command were both attempting to disable TrickBot in the last few weeks, their efforts were independent and uncoordinated.

Thomas Donahue, Senior Analyst at the Center for Cyber Intelligence, has said, “We cannot afford to protect everything to the maximum degree, so we’d better figure out what cannot fail.”

The documentary—and the book—lay out what’s at stake for all of us. Past posts on this topic:
* Our Biggest Threats Keep Growing
* Cyberthreats: Coming to a Company Near You

Technology & Elections


A set of articles in the current issue of Wired discuss the part technology can play in improving our elections. Skeptical, all things considered? You should be. Still, here’s what to watch for.

Candidates and Facebook

James Barnes, a Facebook employee embedded with the Trump campaign in 2016 (think about that a moment), has had second thoughts and is now working to promote Joe Biden at the political nonprofit Acronym. It produces digital media campaigns for progressive candidates and causes. By the end of summer, though, very few voters were undecided, so their campaigns weren’t making converts. One can only hope that the Trump campaign’s October efforts to outspend Biden on Facebook ads in several battleground states, according to this CNBC story, will fall flat too.
Read: PW Singer’s Like War: The Weaponization of Social Media.

The Voting Process

To be a state election official is to be plagued with nightmares. “We all knew we were headed into what would be a contentious election year,” said Arizona’s Secretary of State, Katie Hobbs, in a model of understatement in this Wired article by Lily Hay Newman. Plus, they know they have a derailing technical problem or two: In Georgia’s disastrous primary, for example, all 159 counties were using new machines for the first time. Plus, the pandemic. Officials have had to scramble to find polling places. Traditional venues—schools, community centers, churches—balked. Experienced poll workers? A vanishing species.

Texas election officials and a team of university-based computer scientists, Wired reports, have devised a way to use advanced encryption technology—homomorphic cryptography—to improve our notoriously vulnerable voting machines. (Just using the term, I’ve already approached the limit of my understanding of how it works.) The machine assigns a lengthy ciphertext to each vote and prints out a short identifier, akin to a bit.ly link. Voters can use these to verify their votes are “in there.” Part of the beauty is that votes do not need to be decrypted to be counted, so privacy is maintained.
Read: James McCrone’s Faithless Elector, about a member of the electoral college who doesn’t stick to the script, or McCrone’s brand new book, Emergency Powers, about how far someone will go to hang on to the presidency. Hmmmmm.
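
To make the voting-machine idea above concrete, here is an added sketch (not from Wired or from the Texas project) of counting encrypted votes without decrypting any single ballot. It assumes the Paillier cryptosystem with a toy key, a hypothetical three-candidate contest, and a receipt made by truncating a SHA-256 hash of the ciphertexts; the article does not say which scheme or receipt format the Texas design uses.

```python
import hashlib
import math
import secrets

# Toy key built from two Mersenne primes: constructed for this demo and
# far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                      # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # private key: lcm(P-1, Q-1)
MU = pow(LAM, -1, N)                                 # private key: LAM^-1 mod N

CANDIDATES = ["Alice", "Bob", "Carol"]   # hypothetical contest


def encrypt(m):
    """Paillier encryption with generator N + 1 and fresh randomness r."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2


def decrypt(c):
    """Recover the plaintext; needs the private values LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N


def cast_ballot(choice):
    """One ciphertext per candidate: 1 for the choice, 0 for the others.

    Returns (receipt, ciphertexts). The receipt is the short identifier
    the voter takes home (assumed format: first 10 hex digits of SHA-256).
    """
    cts = [encrypt(1 if name == choice else 0) for name in CANDIDATES]
    digest = hashlib.sha256("|".join(map(str, cts)).encode()).hexdigest()
    return digest[:10], cts


def run_election(choices):
    """Post every encrypted ballot on a public board keyed by its receipt."""
    board, receipts = {}, []
    for choice in choices:
        receipt, cts = cast_ballot(choice)
        board[receipt] = cts
        receipts.append(receipt)
    return board, receipts


def tally(board):
    """Multiply ciphertexts column by column, then decrypt only the products.

    Multiplying Paillier ciphertexts adds the hidden plaintexts, so each
    product decrypts to that candidate's vote count.
    """
    totals = {}
    for i, name in enumerate(CANDIDATES):
        acc = 1   # 1 is a valid encryption of 0 (with r = 1)
        for cts in board.values():
            acc = acc * cts[i] % N2
        totals[name] = decrypt(acc)
    return totals


if __name__ == "__main__":
    board, receipts = run_election(["Alice", "Bob", "Alice", "Carol", "Alice"])
    print("my receipt is on the board:", receipts[0] in board)
    print("totals:", tally(board))
```

A deployable system would also need a proof that each ciphertext holds only a 0 or a 1, and a decryption key split among several trustees.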

Secure Vote Counting

In this election, several states will use “risk-limiting audits” to validate results. These methods link the scale of the audit to the victory margin. If a candidate wins big, even a small sample of randomly selected ballots can confirm the results. In closer contests, a larger sample is needed. Bottom line: Unfortunately, processes, equipment, and practices vary widely, state to state, and nationally, the lack of investment in improving them contributes to a loss of faith in our elections that eventually damages every one of us.
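
The link between victory margin and sample size, as an added example (not code from any state's audit): a two-candidate ballot-polling test in the style of the BRAVO method, which is an assumption, since the article does not say which audit method the states use. The ballot sequences are constructed stand-ins for random draws, and the last case shows a reported result the ballots do not support.

```python
import math


def bravo_audit(sample, reported_winner_share, risk_limit=0.05):
    """Sequential ballot-polling test for a two-candidate contest.

    sample: ballots in the order drawn, 'W' if the paper ballot shows the
    reported winner, 'L' otherwise.
    Returns how many ballots were examined when the reported outcome was
    confirmed, or None if the sample ran out first (escalate, ultimately
    to a full hand count).
    """
    if not 0.5 < reported_winner_share < 1:
        raise ValueError("reported winner must have more than half the votes")
    threshold = math.log(1 / risk_limit)
    step_w = math.log(reported_winner_share / 0.5)        # evidence for the result
    step_l = math.log((1 - reported_winner_share) / 0.5)  # evidence against it
    log_t = 0.0
    for n, ballot in enumerate(sample, start=1):
        log_t += step_w if ballot == "W" else step_l
        if log_t >= threshold:
            return n
    return None


def expected_sample_size(reported_winner_share, risk_limit=0.05):
    """Approximate ballots needed when the reported share is accurate."""
    p = reported_winner_share
    drift = p * math.log(2 * p) + (1 - p) * math.log(2 * (1 - p))
    return math.ceil(math.log(1 / risk_limit) / drift)


def constructed_sample(winner_share_pct, size):
    """Deterministic stand-in for a random draw (constructed data).

    Spreads 'W' and 'L' ballots evenly so that winner_share_pct percent
    of the sample shows the winner.
    """
    out, owed = [], 0
    for _ in range(size):
        owed += winner_share_pct
        if owed >= 100:
            owed -= 100
            out.append("W")
        else:
            out.append("L")
    return out


if __name__ == "__main__":
    # Landslide: reported 70% to 30%, and the paper ballots agree.
    print("70/30:", bravo_audit(constructed_sample(70, 1000), 0.70), "ballots")
    # Close race: reported 52% to 48%, and the paper ballots agree.
    print("52/48:", bravo_audit(constructed_sample(52, 10000), 0.52), "ballots")
    # Reported 52% to 48%, but the paper ballots show a tie: never confirmed.
    print("52/48 reported, tie on paper:",
          bravo_audit(constructed_sample(50, 10000), 0.52))
```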

Good Covid Ideas from Bill Gates

Bill Gates has probably spent more time thinking about public health—not just in the developing world—than almost anyone who isn’t a medical epidemiologist. In a 2015 TED talk, he warned about the likelihood of a pandemic and his bottom-line was, “We’re not ready.”

Being right isn’t always gratifying. Yet, in the current issue of WIRED, Gates doesn’t cast blame on the skeptics. “We can do the postmortem at some point. We still have a pandemic going on, and we should focus on that.”

His message is for public officials and private industry alike. A particularly urgent need is for a rapid self-test for Covid 19. Most tests today, which require people to wait days for results, are essentially useless, Gates says, and a big barrier to quicker test results is the insurance reimbursement system. Tardy tests are reimbursed at the same rate as timely ones. Why not build in a financial incentive for speedy response and a penalty—including no reimbursement at all—for delayed results?

Another shortfall is that the US should help the vaccine companies build extra factories for the billions of doses that will be needed around the world if the pandemic is to be effectively stopped. Although this would be expensive, he says it’s a fraction of the money that will be lost in a tanking worldwide economy. “In terms of saving lives and getting us back to normal,” that expenditure is a smart and essential investment. Interesting.