We're working on an ultra private survey app (that interfaces with the plug-in we've been demonstrating) both to demonstrate some exciting features of our developer tool and to eventually provide you with an ultra private survey app. Spare ~2.5 for the high-level ideas and a basic demonstration - we will have more to say in coming weeks about what makes the level of privacy really unique.

Is all this surveillance actually good for productivity?

I always take a moment to think about whether something wrong is also impractical. No sense preaching when you can talk brass tacks.

We live in a time of totally unprecedented surveillance of workers by their employers. There is a general trend towards building panopticons just to do it, technology has made spying feasible in ways it certainly wasn't before, and the pandemic has heightened worries about what people are really doing at home.

Maybe... this is actually just a waste of time. There are ethical and regulatory objections, sure, but maybe it's also just not going to work in the end. If you suggest that the only reason people should work is that the boss is watching, and signal that you can't actually determine directly whether sausage production is up or down, you will end up in a downward spiral, pouring more and more resources into harassing employees who in turn spend more and more of their time in malicious compliance.

Good organizations will always be fueled by shared goals and trust.

Thoughts on the CD Projekt Red Hack

Art imitates life, life imitates art, and why not in cybersecurity also?

No system should be regarded as unhackable, and if you are not a nation-state actor you should assume there are people out there with the muscle to hack you if they decide to do so. In an era where internet communities seem to have their own gestalt vitriolic intelligence, this creates a space for public relations and cybersecurity to feed each other in both directions.

For those out-of-touch with the gaming world, the boiling id of the internet has been angry with developer CD Projekt Red following the botched launch of its (unhealthily) highly-anticipated game Cyberpunk 2077.

https://www.cnbc.com/2021/02/09/cyberpunk-2077-game-developer-cd-projekt-red-hit-with-cyber-attack.html

Ripple and Regulatory Risk in Crypto

The biggest risk to crypto markets is artless regulation. You'll feel the hammer if it comes down, but developments thus far have failed to leave lasting financial impact...

Ripple is currently the best case study in regulatory risk. A few weeks ago, the SEC made some unfavorable announcements about investigating whether XRP was really a securities offering for RippleLabs in disguise, and subsequently XRP plummeted. Today it is flirting with all time highs again and has a more or less vertical graph the past few days. So that regulatory danger is still there, but it's hard to point to any enduring $$$ consequences so far.

Some common threads...

News broke this morning of a long running North Korean campaign targeting cybersecurity researchers on Twitter, roughly playing nice and engaging until they could build enough trust to pass on files containing malicious code.

There is often sideways movement in cybersecurity attacks - you might want to get into one computer to get leverage on another one. In this example, as in SolarWinds, it looks like the right place to start breaking down cybersecurity is the cybersecurity community itself...

https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/amp/

A video worth rebroadcasting...

by Alexander Mueller

There is much that is topical in this story, both on the topic of the ups and downs of entrepreneurship viewed from inside and outside a company as well as some of the big issues of the moment: the economic impact of Covid 19, geopolitical tensions with China, and just what sort of media the current technological climate can support.

On the surface level this fellow is asking for money. I will say I have watched their channel quite a bit and I was initially attracted to it exactly because of the mission he describes - trying to broadcast people's stories to a broader audience that might not otherwise get to learn.

November 2020 in Data Privacy: Schrems Guidance

For us here at Capnion, one of the most notable stories to track this past November was the ongoing regulatory situation in the European Union following the Schrems ruling. Quick review for the uninitiated: earlier this year, a judge in the European Union ruled (in response to a suit filed by Maximilian Schrems) to invalidate a legal framework called Privacy Shield that Facebook and other companies had been using to determine adequate safeguards around wholesale movement of consumer personal data out of the EU. (The specific objection was that Privacy Shield did not do enough to protect EU citizens from surveillance by the United States government.) The present situation is something of a lingering, awkward limbo for companies that depended on Privacy Shield, as there is not yet any clear successor.

There is some recent guidance from the European Data Protection Board this past month, though, on how to approach the issue and it is very favorable to Capnion and Ghost PII’s mode of approaching these problems. (The document itself is available here.) In several places this guidance draws a distinction between standards for tasks which require data to be in the clear (not encrypted or anonymized) vs. tasks that do not. Naturally, one has considerably more and better options for exporting personal data out of the EU if that data can stay encrypted the entire time.

This sort of thing is of course exactly what Capnion was founded to help you with: letting you accomplish more mission-critical tasks without need of data in the clear!

Hyperconvergence and the "Why?" of the Cloud

The rapid success of the cloud has created a sometimes confusing jungle of wrinkles around just how larger businesses should approach this trend... Is your organization in a position to go whole hog into the cloud? Or do you still need to keep some systems but not all on-prem, leading you to a "hybrid" cloud? Just why did you want to be in the cloud in the first place, and in all this jargon what are the buzzwords that actually refer to the practices that will concretely benefit your business? "Hyperconvergence" is a big, intimidating term that could probably use a bit of demystification anyway, and unpacking it provides a great window into the actually quite different reasons that different organizations might be interested in cloud computing.

The DoD JEDI cloud computing contract was an enlightening case study for me (and will likely continue to be). The military has some very conventional reasons it might want to stay on-prem, including unique security concerns and the scale necessary to do a good job. The JEDI contract, for those that enjoy argument, was almost a contract to help DoD build on-prem and not in the "cloud" at all. Why the interest in the cloud? The answer I got asking around is in part that the military is interested in adopting other technologies like machine learning consistently across a large and sprawling organization. It is the software layer that comes along with the cloud that really enables this, and not any issue of where the data is hosted and who owns the physical server.

If there is something "hyper" in hyperconverged infrastructure that didn't get the name for marketing reasons, it is the hypervisor that creates and runs the virtual machines that then host the databases, servers, etc. more familiar to most engineers. Moving this task to a software layer, and not a hardware one, is a big part of what makes the cloud scalable, cheap, and especially agile. Through this lens, you might say that cloud providers were important innovators in hyperconverged infrastructure, and what we called the cloud in the past was really outsourcing of this new infrastructure. You might ask, though, whether what you really wanted was to be on-prem but using the new software, and this is implicitly the sort of decision that the DoD made with the JEDI contract.

It seems like many large organizations drawn by the hype into hybrid cloud situations are having this kind of revelation. If you adopt the technologies used by the cloud providers for your own data center, particularly those around virtualization and emphasis on the software layer, you might find that this is a better way to get at the value you thought "the cloud" was supposed to provide. It also makes your hybrid cloud environment much more workable when people inevitably need to collaborate across the true-cloud and on-prem components.

Hygiene for your favorite chat app...

Do you use a chat app like WhatsApp, Signal, or Telegram? You might benefit from a few moments focused on how the security features in these apps work and how various settings impact your privacy and security posture.

Many common apps, including WhatsApp, Signal, and Telegram, have a feature called end-to-end encryption. This feature has a reputation for being "unhackable", and whether this is true or false it may have lulled even some powerful and sophisticated people into a false sense of security.

The idea of end-to-end encryption is that your chats are encrypted on your phone before they leave and they stay encrypted until they get to their intended destination. Hopefully, this encryption keeps anyone who might be snooping in the middle from learning about your conversation - in particular, the server that drives the app only needs to handle this encrypted data and lacks the power to snoop on you. Such a system, however powerful, eliminates just one of the many ways an interloper might try to spy on you.

The problem is that there is much that can go wrong on your phone before anything gets encrypted. For example, many of these chat apps will back up your conversations to the cloud, and these backups are typically not encrypted at all. It is not uncommon that an app backs up to the cloud by default and thus does so without the knowledge of many users.

While not well known among users, it is not a secret that these backups exist and that they’re not encrypted. The history is that they’re not encrypted in part because law enforcement complained that encryption would make these backups difficult to use in investigations.

The next layer is that a bad actor could conceivably put malicious software on your phone that affects how these backups are handled (or otherwise changes the function of the app). This is approximately how the notorious gangster El Chapo was brought to justice, and recently it was revealed that Jeff Bezos was hacked when he opened a malicious link sent to him by, of all people, the Crown Prince of Saudi Arabia.

If you're privacy conscious, please be aware of how your phone is storing data from your chat apps, if you are backing up this data to the cloud, and be very careful about opening any links that anyone might send you (even links from foreign royalty).

Socioeconomic Class & Automation

Everyone and Yang are talking about a new wave of automation and the danger we might all be thrown jobless out on the street. The new wave of automation is real and there will be consequences, but there is a systematic understanding of the past, present, and future history of automation. We are presently willfully misunderstanding the nature of the consequences. The missing puzzle piece is the banal yet always amazingly taboo topic Americans always use to misunderstand the world: social class.

Perhaps there is a wave in the sense that things are moving faster and more perceptibly than usual, yet replacement of jobs with automation is a process that has been going on continuously for 150 years. Vast changes in economies all over the world have occurred as artisans were put out of work to become factory workers, then factory workers were put out of work to move to the service industry. There are still people you might call artisans, and there are certainly still factory workers, yet today Americans overwhelmingly work service jobs in a way that would be shocking to a time traveler. Many of us are already busying ourselves in jobs a previous generation might find to be surreal make-work.

This is not to say, however, that this journey was a good time for everyone. Rivers of ink have been spilled examining the consequences (economic, social, cultural, religious, everywhere!) of the disintegration of the artisan class, especially in Europe. Many felt that the new lifestyle technology had handed them was less dignified, and more tangibly that it induced a degrading level of social hierarchy (and inequality of wealth and income) that they would be better off without. People were angry, and like today there was a vitriolic populist politics to express their anger. We will always struggle to really empathize with that shift because we have only known the world they regarded as a plummet into disaster.

What is different today? The answer again revolves around social class. In the past, those who were most affected had a disproportionately small voice in public discourse. Those with jobs requiring education - jobs intimately requiring advanced literacy and numeracy - were relatively safe. These are also the jobs that grant privilege in public conversation. Journalism, which you might say has been partially automated disruptively by information technology, is an excellent prototype.

People will keep inventing new work for other people and people will keep finding ways to re-purpose their skills. What will change is the nature of our socioeconomic hierarchy… past history suggests it will become steeper and more stratified, and it is a whole other line of common public conversation that we are quite deep into this trend already. There is nothing new here, but an ancient thing that we perceive selectively.

Blockchain vs. GDPR

Bad news: there are fundamental conflicts between blockchain, at least in its original form, and data privacy regulations like GDPR. Good news: these conflicts provide a good opportunity to learn about what is actually contained in both.

The core property of blockchain that is novel and has been important for non-scam applications is immutability. If you have a network that is working properly, a bit of information you put on the blockchain will stay there unchanged. You will not be able to take it back, and no one else will be able to tamper with it either. This was important for the prototypical blockchain application, cryptocurrency, as it was necessary to hold people’s feet to the fire regarding their transactions - if I can change or retract what I put on the blockchain, I can undo my spending after I have run off with the goods and then double-spend my coins.

A few newer brands of blockchain (EOS comes to mind) have methods for retracting transactions, but these are controversial. For human and technical reasons, take-backsies on blockchain transactions may always range from slow and difficult to impossible.

On the GDPR side, a key privacy provision is the right to be forgotten - you can write to Google or Facebook and tell them to delete all the information they have about you. This clause has proven influential and has been incorporated into newer laws like California’s CCPA, and it will likely be imitated again in the future. From a concrete information technology standpoint, forgetting someone means going into your database to delete all the records related to them and their relationship with your business. A blockchain is really just an immutable database, so if you are using a blockchain in your technology stack right to be forgotten vs. immutability is a real headache. Immutability is explicitly a “real pain-in-the-ass to delete things” property, and this is a problem if you are legally required to delete things on request.

There are some things that can be done to mitigate these problems but at the end of the day it is actually the essential, novel property of blockchains that is the problem.
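The conflict described above in working form, as an added example that is not part of the original post: a toy hash-chained ledger in which honouring a deletion request by rewriting a record breaks verification, followed by the common workaround (the post only says mitigations exist; this part goes beyond it) of keeping the personal data off-chain and committing only a salted hash on-chain, so that deleting the off-chain copy and its salt leaves the chain intact and the on-chain value unlinkable. All names and records are constructed; no real blockchain software is involved.

```python
from __future__ import annotations

import hashlib
import json
import secrets
from dataclasses import dataclass, field

GENESIS_PREV = "0" * 64


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


@dataclass
class Block:
    index: int
    payload: str      # whatever is written "on-chain"
    prev_hash: str    # hash of the preceding block: this is what makes it a chain
    hash: str = field(init=False)

    def __post_init__(self) -> None:
        self.hash = self.compute_hash()

    def compute_hash(self) -> str:
        return sha256_hex(f"{self.index}|{self.payload}|{self.prev_hash}")


def build_chain(payloads: list[str]) -> list[Block]:
    chain, prev = [], GENESIS_PREV
    for i, payload in enumerate(payloads):
        block = Block(i, payload, prev)
        chain.append(block)
        prev = block.hash
    return chain


def verify_chain(chain: list[Block]) -> bool:
    """True only if every block's hash matches its contents and links to its predecessor."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block.index != i or block.prev_hash != prev:
            return False
        if block.hash != block.compute_hash():
            return False
        prev = block.hash
    return True


def naive_forget(chain: list[Block], index: int) -> bool:
    """Honour a right-to-be-forgotten request by editing the record in place.
    Returns whether the chain still verifies (it never does: the stored hash no
    longer matches, and recomputing it would break the next block's prev_hash)."""
    chain[index].payload = "[deleted]"
    return verify_chain(chain)


# Mitigation: personal data lives off-chain; only a salted commitment goes on-chain.
def commit_record(store: dict, record: dict) -> str:
    """Keep the record (and a random salt) off-chain; return the on-chain payload."""
    record_id = secrets.token_hex(8)
    salt = secrets.token_hex(16)
    store[record_id] = {"salt": salt, "data": record}
    commitment = sha256_hex(salt + json.dumps(record, sort_keys=True))
    return f"{record_id}:{commitment}"


def forget_off_chain(store: dict, record_id: str) -> None:
    """Delete the data and its salt. The on-chain hash stays, but without the
    salt it can no longer be matched against any guess of the person's details."""
    store.pop(record_id, None)


def demo_off_chain() -> tuple[bool, bool]:
    """Returns (chain still verifies, record still present off-chain)."""
    store: dict = {}
    p1 = commit_record(store, {"name": "Alice Example", "pet": "Fluffy"})  # constructed
    p2 = commit_record(store, {"name": "Bob Example", "pet": "Rex"})       # constructed
    chain = build_chain([p1, p2])
    forget_off_chain(store, p1.split(":")[0])
    return verify_chain(chain), p1.split(":")[0] in store
```

The off-chain approach only helps if the data never went on-chain in the first place, which is exactly the architecture decision the post says too many projects skip.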

The slow, alienated death of blockchain

As a preface to this, there are good people doing great things with blockchain in good faith and this is not an essay targeting these people but a polemic in their defense. There are too many people, though, lost in fog about what blockchain is and not enough people telling the truth about what it is not.

It would be crazy to say you won’t hear about blockchain again, and perhaps the worst blockchain fatigue is ahead of us. Rather, we have arrived at an inflection point where the emerging viral big idea is that blockchain has lost its way, been applied to problems for which it has no utility, carelessly dropped as a buzzword with no meaning, incorporated into all manner of scams, not only over-hyped but radically mis-hyped, and warped by these trends into something that will now struggle to fulfill its original real potential.

The amazing power of blockchain has been its power purely as a word - a word about which one can say anything, arbitrarily disingenuous or poorly informed, and profit from the statement presuming the claim is sufficiently grandiose, intimidating, and FOMO-inducing. There is apparently vast power for “disruption” in using blockchain to record supply chain information where a centralized server would be demonstrably superior. Apparently, blockchain has a unique relationship with quantum computing despite being composed of very conventional classical cryptography. Apparently, blockchain can save your business by “decentralizing” when your business was really an effort at centralization by its very nature and no one can even explain in plain English what decentralization means and why it is good business. Apparently, blockchain can hugely improve your information security by reproducing your sensitive data across many servers each with the same vulnerabilities as any other centralized server. By etymology, to say something is apparent suggests it has appeared, but we are still waiting and we will continue to wait forever because these claims range from optimistic distortions to outright lies.

There are a great many lies that have become so pervasive that they have been widely repeated by honest people. This is a real tragedy, and this essay is not a polemic targeting these people but a polemic in their defense.

Blockchain came into the world in step with “decentralization” and if we actually maintain discipline about what these words mean, this is absolutely sensible and correct. The problem is much of the wealth and power in our society is centralized and the power of blockchain as a word is too useful a tool in chasing it. Corporations are centralized organizations - decentralization is what the Department of Justice does to your firm if it decides you don’t have enough competition to treat consumers decently. Governments are centralized organizations - decentralization is what happens when people decide they’ve had enough and find ways to be governed less and more locally. Venture capital firms are centralized organizations - if you take the money of a group of wealthy investors and centralize it one place to invest all at once, you’re on the way to founding a venture capital firm. One can’t say that blockchain will never have anything to offer these groups, but many promises made could never have been anything but empty because decentralization is contrary to the nature of these organizations. And neither centralization nor decentralization is intrinsically good or bad.

Too many organizations have been presented with blockchain the magical spell, the voodoo word for inciting fear of falling behind the times and missing out. Blockchain has been presented to many in bad faith not as information technology but as psychological manipulation. It is well attested the companies that have merely added blockchain to their name have seen their stock price soar, in some cases criminally (in the literal sense) absent any effort to implement any version of the real technology at all. Any application you might pitch to an investor that involves a database might as well involve a blockchain, and such is the power of the word that many can’t resist. But why did your application need to be on the blockchain? It didn’t, and it may have been a poor architecture decision that it was.

Experimentation in blockchain architecture continues, and while much of it is interesting and valuable, there is a sector that strongly resembles efforts to find a centralized server that resembles a blockchain enough to avoid lawsuits. Why be bothered to work with the challenging, real technology when one can work with the awesome persuasive power of the word alone?

Blockchain is not dying in the sense that it will disappear tomorrow. It is dying in the sense that it is mutating carelessly towards no constructive end, wasting time and money and human intellect and human emotion as it does. The real tragedy is that it is dying not because it has no potential but because no one can resist the potential it does not have.

Approaching "Big P.I.I."

Is your pet’s name P.I.I. (personally identifiable information)? In the era where data is bought, sold, and reaggregated the answer has to be “Yes!” If you find yourself asking whether something is P.I.I. then you should probably treat it as such.

A few years ago, it would have been silly to take a stand saying that your pet’s names are your P.I.I. Perhaps what we all didn’t quite anticipate was how the data we share over here, the data we share over there would likely be reunited in a single file by one of the many firms that aggregates and resells data. There are many bits of information about you that seem innocuous, certainly not so obviously compromising as an SSN or credit card number, but the reality is that when all the available information is collected about you, every little bit matters.

The world of 2019 has a lot more people than names, and when you think about it we end up using odd bits of information in maintaining our identity. Your bank may ask you where you met your partner, the names of pets, etc. and I am sure that each reader can come up with some more examples of their own. This is in part an effort to avoid more circulation of more intrinsically dangerous information like government ID numbers, but the result is that all these little facts then become and stay sensitive. If you could tell Facebook your cat’s name and Robinhood where you bank without them comparing notes behind your back, the situation would not be so bad, but this sort of behind the scenes aggregation is a pervasive part of the data economy and it is unlikely to go anywhere soon.

To change resolution a bit, there will always be a lot of other people out there with personal information that looks a bit like yours - same name, similar address, and so on - and there will always be someone digging a bit deeper for that last piece of data that identifies you the human uniquely. There are all manner of organizations working on this all the time, with motives both friendly and hostile to you, and they are eager to get that marginal value out of the names of your pets. And it should be noted that there have already been notable breaches of large aggregated datasets of information on millions of consumers with details including information on pets and more.

Until there is a major change in the regulatory climate, or some other seismic shift, definitions of P.I.I. must become more and more expansive. If you can use it to tell the difference between you and someone else that shares your name, someone will use it for this purpose, and anyone you share it with might decide to hoard it until it becomes interesting later - interesting to them, or interesting to someone else who wants to buy it.
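To make the "same name, different person" point measurable, here is an added example (not from the original post) that counts how many records share each combination of attributes in a constructed, aggregated dataset. A group of size one means that combination singles someone out, so every field in such a combination has to be handled as P.I.I., pet names included; the record set and field names are invented for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample of "reaggregated" records; not real people.
RECORDS = [
    {"name": "Sam Rivera", "city": "Austin", "pet": "Biscuit"},
    {"name": "Sam Rivera", "city": "Austin", "pet": "Luna"},
    {"name": "Sam Rivera", "city": "Denver", "pet": "Biscuit"},
    {"name": "Sam Rivera", "city": "Denver", "pet": "Luna"},
    {"name": "Jo Park", "city": "Austin", "pet": "Luna"},
    {"name": "Jo Park", "city": "Austin", "pet": "Luna"},
    {"name": "Jo Park", "city": "Austin", "pet": "Biscuit"},
]


def anonymity_sets(records: list[dict], fields: tuple[str, ...]) -> Counter:
    """How many records share each combination of values for the given fields."""
    return Counter(tuple(r.get(f) for f in fields) for r in records)


def k_anonymity(records: list[dict], fields: tuple[str, ...]) -> int:
    """Size of the smallest group; 1 means at least one person stands alone."""
    return min(anonymity_sets(records, fields).values())


def uniquely_identified(records: list[dict], fields: tuple[str, ...]) -> int:
    """Number of records that no other record matches on these fields."""
    return sum(1 for n in anonymity_sets(records, fields).values() if n == 1)


def risky_combinations(records: list[dict], fields: tuple[str, ...],
                       max_size: int = 3) -> list[tuple[str, ...]]:
    """Every field combination (up to max_size) under which someone is unique.
    Any field that shows up here is P.I.I. in practice, however innocuous it looks."""
    risky = []
    for size in range(1, max_size + 1):
        for combo in combinations(fields, size):
            if uniquely_identified(records, combo) > 0:
                risky.append(combo)
    return risky


def report(records: list[dict], fields: tuple[str, ...]) -> dict[str, int]:
    """Summary a privacy reviewer would look at before sharing a dataset."""
    return {
        "k_name_only": k_anonymity(records, ("name",)),
        "unique_name_city": uniquely_identified(records, ("name", "city")),
        "unique_name_pet": uniquely_identified(records, ("name", "pet")),
        "unique_all": uniquely_identified(records, fields),
    }
```

In the sample, name alone and name plus city leave everyone in a group of at least two; adding the pet name is what first isolates an individual.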

CapitalOne and the cloud's shades of gray

Much of the propaganda for taking your data into the cloud has a “the cloud is the same, but cheaper” flavor - while this is not a terribly inaccurate four words, the CapitalOne breach does expose some wrinkles that the cloud creates for security governance. What follows is an attempt at spotlighting what these wrinkles are and what business leaders should know about them in a heuristic, minimally technical way.

Talking about “inside vs. outside” is a good lens for thinking about the extra administration burdens of the cloud. If you keep your data on-prem, operating your own data center and using it only for the data of your business, you might be blessed with a very cut-and-dried inside and outside. Your data is in a particular building, not mixed together with anyone else’s, probably protected by a firewall with a footprint more or less identical to the footprint of that building. There are fewer shades of gray on-prem, and it is likely you created them yourself.

If you keep your data in the cloud, there are some more potential shades of gray about inside and outside, and errors in managing those shades of gray are how CapitalOne was left vulnerable. Your cloud environment is in a building with other people’s cloud environments, and maybe your cloud environment is actually a virtual server on a computer that is also simulating the cloud environments of other businesses. There might be, in principle, multiple firewalls in play (perhaps for the data center, a given physical server, and a virtual server it simulates) and there might be multiple different sets of rules governing how different servers, virtual and real, interact with these various firewalls. You can talk about inside vs. outside your virtual machine, your physical machine, a data center, a platform… This might sound a little trite and silly absent detail, and detail is unfortunately something the CapitalOne story can provide.

The CapitalOne breach exploited a misconfigured firewall, and in particular a misconfiguration that wrongly allowed CapitalOne’s servers to talk to a back-end resource inside Amazon Web Services. This is the inside vs. outside heuristic starting to break down - the AWS resource was outside CapitalOne but still inside of Amazon. CapitalOne was secure relative to the all-the-way outside world, but assigned too much permission to an intermediate layer of systems designed to be friendly to users inside AWS, and there are in fact all kinds of actors using AWS with all kinds of motivations. One of them decided to steal data.

To return to the metaphor a moment, CapitalOne’s configuration treated AWS like a safe “inside” space, and the reality is that the cloud exposes you to systems that are neither so safe as the pure “inside” nor so dangerous as the pure “outside” of an on-prem data center. Secure use of the cloud requires recognition of shades of gray and the security risks that each presents.