New Role At WiPro

I’ve news. Starting today, I will be working full time in a new role. I’m now a Director at the global consulting firm WiPro in their Open Source practice, advising both customers and implementation teams on open source issues concerning software selection, community engagement, license compliance and more. You’ll find me at a variety of conferences and events, and I’ll continue to write for InfoWorld and others.

I’ve always wondered why SIs and outsourcing consultants didn’t use more open source in their solutions. It keeps solutions more flexible for their clients, reduces the overall cost of ownership and ensures end-of-life migrations are easier. WiPro is taking the lead among high-scale consulting firms applying the insights and benefits of open source software to its customer engagements. I’m looking forward to helping WiPro’s customers worldwide gain these benefits and avoid having their software solutions unnecessarily intermediated by copyright owners.

Who Else Listens To Your TV?

Samsung’s Smart TV listens to everything you say all the time you have voice control enabled. No surprise there. But Samsung’s Terms warn that it’s likely to be sending all that audio to a service provider for analysis, rather than analysing it in your TV.

That’s got plenty of people worried, but Samsung aren’t concerned. They sent me their canned press response, which starts:

Samsung takes consumer privacy very seriously. In all of our Smart TVs, any data gathering or their use is carried out with utmost transparency and we provide meaningful options for consumers to freely choose or to opt out of a service. We employ industry-standard security safeguards and practices, including data encryption, to secure consumers’ personal information and prevent unauthorized collection or use.

I’m sure that is all true. Samsung has a large investment in technical experts of all kinds. All the same, the key phrase there is “prevent unauthorized collection or use”. Why? Well, let’s carry on with their response.

Voice recognition, which allows the user to control the TV using voice commands, is a Samsung Smart TV feature, which can be activated or deactivated by the user. Should consumers enable the voice recognition capability, the voice data consists of TV commands, or search sentences, only. Users can easily recognize if the voice recognition feature is activated because a microphone icon appears on the screen.

That’s not exactly what the Terms say; they note that “if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted”. So we’re not just talking about the sort of data Google Now or Siri sends to their service provider (the phrase after you have started the voice recognition). Samsung also sends the commands themselves, plus any conversation around them. From that description, it seems the whole stream of conversation is likely to be sent.

Samsung does not sell voice data to third parties. If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.

The fact the data is not sold is good. I would expect no less from Samsung in this circumstance. But there is a use case that is conspicuously excluded from both their statement and the Terms.

What about requests for interception? The data may be encrypted to prevent “unauthorised collection or use” but what about authorised use, when a legal authority in one of the countries involved in the transaction requests access to the raw audio? In the USA, the Third Party Doctrine would allow security and law enforcement services to request access without a warrant. Given the service provider appears to be a US company, even if the customer is in a country where interception locally would be illegal, the NSA (or any of a myriad other US organisations) could still collect on their behalf.

Tim Cushing thinks this is at least gated by the need for the device ID but I think that overlooks the strategy used by the US & UK security services. They separate bulk data collection and later data analysis, treating only the latter as surveillance in need of a warrant. I would not be at all surprised if Samsung’s service providers at some point get an order to tee all their audio inputs through the NSA, using an order of which Samsung may not even be aware. This would not be for immediate analysis, just for pooling and later use once a device ID is obtained by other means.

I asked Samsung to clarify their position on law enforcement use of their streaming audio data, and to clarify whether they had ever received requests for it. So far I’ve had no reply to my questions. I suspect that’s because they have not considered the issue. I think more people need to ask them and their service providers, and their competitors who offer the same services.

You say you have nothing to hide? When a joke you made over dinner is flagged by an algorithm and a clipping provided to a busy police analyst out of context leads to a visit by a SWAT team “just in case”, will you still think that? We need this privacy exposure nipped in the bud, given we have police with a SWAT first and don’t apologise later attitude. Some innocent comment caught by a TV is going to lead to a tragedy otherwise.

Legislating For Unicorns

When Julian Huppert MP (Lib-Dem) asked the Home Secretary Theresa May MP (Con) if banning encryption – as the Prime Minister had been interpreted as saying – is “genuinely what the Home Secretary wants to do?”, she evaded him with her answer.

I remain convinced her and the Cabinet’s position on encryption is based on a non-technical misinterpretation of detailed advice from within the Home Office. Her response, and other responses by her colleagues and by the US government, imply that the security officialdom of the US & UK believes it can resurrect “golden key” encryption where government agencies have a privileged back door into encryption schemes. That’s what’s encoded in her replies as “there should be no safe spaces for terrorists to communicate.” Think “Clipper chip“. As Ryan Paul comments,

More telling though is the insecurity the Conservative Party exhibits on the subject. Unwilling to discuss the matter in a balanced way, party mouthpiece Julian Smith MP descends to ad hominem against deputy Prime Minister Nick Clegg MP (LD), in the process also exhibiting the hypocrisy of the unconvinced apologist. Sadly Mrs May rewards rather than rejects his question.

In a sequence of questions and answers in the same debate – which cannot conceivably have been unplanned – Conservatives ask party-political questions of the Home Secretary, to which she responds with unashamed electioneering. When this tactic is used – accusing an opponent of a fault you exhibit yourself far more than they do – it is always an attempt to conceal your own lack of validity.

Clegg’s crime was to assert that freedom and security are not inherently incompatible:

“I want to keep us safe. It’s ludicrous this idea that people who care about our freedom don’t care about our safety.

“What I will not do, because it is not proven, is say that every single man, woman and child should have data about what they get up to online kept for a year.”

For Conservative MPs to call that “disgraceful” is extremely revealing, both of their lack of comprehension of the issues and the cynicism with which they intend to manipulate the misapprehensions of Middle England for electoral gain. I’ve met no-one who seriously asserts the security services should be unable to secure warranted access to specific communications of those suspected of a crime. That capability is obviously justifiable in a democracy.

But the Communications Data Bill and proposals for “golden keys” go much further than is reasonable and balanced. What defenders of freedom seek is not insecurity; we instead seek transparency, accountability and proportionality, all in a form open to any citizen to scrutinise and challenge.

When Mrs May (and Labour’s Jack Straw MP, and others) refuse that democratic oversight and accuse its proponents of partisanship and irresponsible disregard of security, their own ad hominems and party partisanship reinforce the case rather than diminish it. It’s time for an adult debate informed by technological realities, instead of this opportunism and electioneering.

How To Safeguard Surveillance Laws

This letter was published in the London Evening Standard on January 12th, 2015:

I watch with alarm as, in the wake of the barbaric murders in France, politicians seek increased surveillance powers for the security services.

Surveillance is not always wrong; far from it, our democracy has long allowed accountable public servants to temporarily intrude on individuals they believe to be a threat.

My alarm arises for two reasons:

  • The powers requested in recent attempts at new law are open-ended and ill-defined. They lack meaningful oversight, transparency or accountability. They appear designed to permit the security services free rein in making their own rules and retrospectively justifying their actions.
  • The breadth of data gathered – far beyond the pursuit of individuals – creates a risk of future abuse, by both (inevitable) bad actors and people responding to future moral panic. Today’s justifications – where offered – make no accommodation for these risks.

Voters should listen respectfully but critically to the security services’ requests. Our representatives must ensure that each abridgement of our liberties is ring-fenced:

  • justified objectively using public data,
  • governed with impartial oversight, and
  • guarded by a sunset clause for both the powers and all their data by-products.

If the defence of free speech fatally abrades other liberties we are all diminished.

Yours faithfully

Simon Phipps

Any Revolution Can Be Repurposed

In fact this memorial to one — involving three days of killing in Paris over free speech for the press and a death sentence for blasphemy — has been:

Liberty and Vigilance
The July Column in the Place de la Bastille in Paris – itself dedicated to the celebration of liberty after the French Revolution – was erected in memory of the fallen of the later July Revolution of 1830. It’s not too far from the offices of Charlie Hebdo.

The July Revolution comprised three days of fighting in Paris, primarily on free speech grounds against state censorship. Charles X, France’s last hereditary monarch, had imposed the death penalty for blasphemy against Christianity. He also suspended the liberty of the press and dissolved the newly elected Chamber of Deputies.

Today, the column is used as a platform for surveillance cameras. We must be on our guard against similar repurposing today.

Careless Stereotyping

Ramadan LanternsI’ve been privileged to travel widely, and have had conversations with educated people in several countries where Islam is the norm. On one visit to the Levant, one of my acquaintances made statements starting “Christians should…”. I was taken aback. After all, what characteristic do all Christians have in common?

When you eliminate all the doctrines that are contested, balance for those who support right- and left-wing politics, allow for two millennia of schisms and state co-option and factor the micro-fragmentation of the protestant portion of Christendom, the only thing left in common is the syllable “Christ”. I realised the term was being used as shorthand for a stereotype, embracing everyone far away in the western world, summarising a set of sketchy facts mixed with biases and misunderstandings.

So when we in the west who are not adherents to Islam speak of “Muslims”, who are we talking about? We are doing the same thing my acquaintance in the Levant did; taking countless unfamiliar people who we consider “different” and tagging them with a word that doesn’t mean much to us but does allow the application of a stereotype.

More than that, it’s a bad stereotype. Just like calling everyone in the western world “Christian”, I have a problem with the attribution of any motive or collective responsibility to the 1.6 billion people who actually are Muslims, or of a unified strategy by the 49 countries where they are the majority, let alone to the others caught up in the stereotype’s dragnet (many of whom are in fact Christians, as well as other religions).

To say “Muslims should…” is to immediately use an impossible generalisation, to invoke a stereotype, to validate the rhetoric of discrimination and to indicate unfamiliarity with people who might fall into the classification (as well as to covertly engage in ignorant proselytism as some of the conversations I’ve followed this weekend illustrated).

How can discussion of a statement that starts something like “Muslims should…” by people who are not Muslims do anything other than harm? Given the number of people, of countries, who are tarred with that brush, certainly nothing actionable could arise from it. That’s why, when I hear people ascribing actions or motivations to “Muslims”, I now respond: “which Muslims, where, and how do you know?”

Responding to terrorism

charlie

I am appalled and horrified by the wicked and murderous attack on Charlie Hebdo in Paris. Settling scores with violence is the recourse of ignorant, cowardly barbarians – lower than animals. I am heartbroken for every person affected.

This was without doubt intended as an act of terrorism. But I refuse to be terrorised and decline the opportunity to hate. What does that mean practically? Terrorism is like a pernicious auto-immune disease to which it is easy to succumb. It seeks to provoke us into destroying ourselves.

  • To respond with attempts to make society less open is to succumb.
  • To respond with advocacy for or against religion is to succumb.
  • To respond with hatred of anything except terrorism is to succumb.
  • To respond by advocating racism and disrespect for anyone is to succumb.
  • To blame the victims is to succumb.

We should respond to this act of hate, which is as indefensible to anyone who embraces one of the world’s religions as to those who reject them all, by ensuring we do not succumb to the self-destructive reactions perpetrators of terrorism want to provoke. The best response is to strengthen the open, fair and tolerant society that terrorism seeks to destroy.

[This formed the seed for my column in InfoWorld]

Follow

Get every new post delivered to your Inbox.

Join 7,286 other followers

%d bloggers like this: