• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Who Remembers Palantir or Anduril? Maybe Peter Thiel?

Despite sci-fi stoked fears about artificial general intelligences (AGI) taking over the world, CNBC reports, “Palantir’s Peter Thiel Thinks People Should Be Concerned About Surveillance AI.” Theil, co-founder of Palantir and investor in drone-maker Anduril, is certainly in the position to know what he is talking about. The influential venture capitalist made the remarks at a recent event in Miami. Writer Sam Shead reports:

“Tech billionaire Peter Thiel believes that people should be more worried about ‘surveillance AI’ rather than artificial general intelligences, which are hypothetical AI systems with superhuman abilities. … Those that are worried about AGI aren’t actually ‘paying attention to the thing that really matters,’ Thiel said, adding that governments will use AI-powered facial recognition technology to control people. His comments come three years after Bloomberg reported that ‘Palantir knows everything about you.’ Thiel has also invested in facial recognition company Clearview AI and surveillance start-up Anduril. Palantir, which has a market value of $48 billion, has developed data trawling technology that intelligence agencies and governments use for surveillance and to spot suspicious patterns in public and private databases. Customers reportedly include the CIA, FBI, and the U.S. Army. AGI, depicted in a negative light in sci-fi movies such as ‘The Terminator’ and ‘Ex Machina,’ is being pursued by companies like DeepMind, which Thiel invested in before it was acquired by Google. Depending on who you ask, the timescale for reaching AGI ranges from a few years, to a few decades, to a few hundred years, to never.”

Yes, enthusiasm for AGI has waned as folks accept that success, if attainable at all, is a long way off. Meanwhile, Thiel is now very interested in crypto currencies. For the famously libertarian mogul, that technology helps pave the way for his vision of the future: a decentralized world. That is an interesting position for a friend of law enforcement.

Cynthia Murrell, November 4, 2021

Rogue in Vogue: What Can Happen When Specialized Software Becomes Available

I read “New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts.” I have no idea if the story is true or recounted accurately. The main point strikes me that a person or group allegedly used the NSO Group tools to compromise the mobile of a journalist.

The article concludes:

Hubbard was repeatedly subjected to targeted hacking with NSO Group’s Pegasus spyware. The hacking took place after the very public reporting in 2020 by Hubbard and the Citizen Lab that he had been a target. The case starkly illustrates the dissonance between NSO Group’s stated concerns for human rights and oversight, and the reality: it appears that no effective steps were taken by the company to prevent the repeated targeting of a prominent American journalist’s phone.

The write up makes clear one point I have commented upon in the past; that is, making specialized software and systems available without meaningful controls creates opportunities for problematic activity.

When specialized technology is developed using expertise and sometimes money and staff of nation states, making these tools widely available means a loss of control.

As access and knowledge of specialized tool systems and methods diffuses, it becomes easier and easier to use specialized technology for purposes for which the innovations were not intended.

Now bad actors, introductory programming classes in many countries, individuals with agendas different from those of their employer, disgruntled software engineers, and probably a couple of old time programmers with a laptop in an elder care facility can:

• Engage in Crime as a Service
• Use a bot to poison data sources
• Access a target’s mobile device
• Conduct surveillance operations
• Embed obfuscated code in open source software components.

If the cited article is not accurate, it provides sufficient information to surface and publicize interesting ideas. If the write up is accurate, the control mechanisms in the countries actively developing and licensing specialized software are not effective in preventing misuse. For cloud services, the controls should be easier to apply.

Is every company, every nation, and every technology savvy individual a rogue? I hope not.

Stephen E Arnold, October 25, 2021

Digital Shadows Announces Social Monitor

Deep fakes? They are here and Digital Shadows has a service for those who live in fear of digital manipulation.

Bad actors often pose as corporations’ executives and other key personnel on social media. Sometimes the goal is to damage the target’s reputation, but more often it is to enact a phishing scheme. Either way, companies must put a stop to these efforts as soon as possible. We learn there is a new tool for that from, “Digital Shadows Launches SocialMonitor—a Key Defense Against Executive Impersonation on Social Media” posted at PR Newswire. The press release tells us:

“All social media platforms will take down fake accounts once alerted but keeping on top of the constant creation of fake profiles is a challenge. SocialMonitor overcomes these challenges by adding targeted human collection to SearchLight’s existing broad automated coverage. Digital Shadows customers simply need to register key staff members within the SearchLight portal. Thereafter, users will receive ‘Impersonating Employee Profile’ alerts which will be pre-vetted by its analyst team. This ensures that organizations only receive relevant notifications of concern. Russell Bentley at Digital Shadows comments: ‘Fake profiles on social media are rife and frequently used to spread disinformation or redirect users to scams or malware. Social media providers have taken steps such as providing a verified profile checkmark and removing fake accounts. However, there is often too long a window of opportunity before action can be taken. SocialMonitor provides organizations with a proactive defense so that offending profiles can be taken down quickly, protecting their customers and corporate reputation.’”

Note this is yet another consumer-facing app from Digital Shadows, the firm that appears to be leading the Dark Web indexing field. Curious readers can click here to learn more about SocialMonitor. Digital Shadows offers a suite of products to protect its clients from assorted cyber threats. Based in San Francisco, the company was founded in 2011.

Cynthia Murrell October 19, 2021

Voyager Labs Expands into South America

Well this is an interesting development. Brazil’s ITForum reports, “Voyager Labs Appoints VP and Opens Operations in Latin America and the Caribbean.” (I read and quote from Google’s serviceable translation.)

Voyager Labs is an Israeli specialized services firm that keeps a very low profile. Their platform uses machine learning to find and analyze clues to fight cyber attacks, organized crime, fraud, corruption, drug trafficking, money laundering, and terrorism. Voyager Labs’ clients include private companies and assorted government agencies around the world.

The brief announcement reveals:

“Voyager Labs, an AI-based cybersecurity and research specialist, announced this week the arrival in Latin America and the Caribbean. To lead the operation, the company appointed Marcelo Comité as regional vice president. The executive, according to the company, has experience in the areas of investigation, security, and defense in Brazil and the region. Comité will have as mission to consolidate teams of experts to improve the services and support in technologies in the region, according to the needs and particularities of each country. ‘It is a great challenge to drive Voyager Labs’ expansion in Latin America and the Caribbean. Together with our network of partners in each country, we will strengthen ties with strategic clients in the areas of government, police, military sector and private companies’, says the executive.”

We are intrigued by the move to South America, since most of the Israeli firms are building operations in Singapore. What’s Voyager know that its competitors do not? Not familiar with Voyager Labs? Worth knowing the company perhaps?

Cynthia Murrell, October 14, 2021

Key Words: Useful Things

In the middle of nowhere in the American southwest, lunch time conversation turned to surveillance. I mentioned a couple of characteristics of modern smartphones, butjec people put down their sandwiches. I changed the subject. Later, when a wispy LTE signal permitted, I read “Google Is Giving Data to Police Based on Search Keywords, Court Docs Show.” This is an example of information which I don’t think should be made public.

The write up states:

Court documents showed that Google provided the IP addresses of people who searched for the arson victim’s address, which investigators tied to a phone number belonging to Williams. Police then used the phone number records to pinpoint the location of Williams’ device near the arson, according to court documents. 

I want to point out that any string could contain actionable information; to wit:

• The name or abbreviation of a chemical substance
• An address of an entity
• A slang term for a controlled substance
• A specific geographic area or a latitude and longitude designation on a Google map.

With data federation and cross correlation, some specialized software systems can knit together disparate items of information in a useful manner.

The data and the analytic tools are essential for some government activities. Careless release of such sensitive information has unanticipated downstream consequences. Old fashioned secrecy has some upsides in my opinion.

Stephen E Arnold, October 7, 2021

NSO Group and Collateral Damage: Shadowdragon

The NSO Group has captured headlines and given a number of journalists a new beat to cover: Special service vendors. This phrase “specialized service vendors” is the one I use to capture the market niche served by companies as diverse as Anduril to Voyager Labs. Most of these firms walk a fine line: Providing enough public information so that a would-be customer like a government agency can locate a contact point to staying out of the floodlights looking for next NSO Group to research and write about.

I read “Shadowdragon: Inside the Social Media Surveillance Software That Can Watch Your Every Move.” The exposé appearing in the The Intercept follows a predictable pattern: Surveillance, law enforcement, technology, sources, similar software (in this story Kaseware), and rights violations.

A Wall Street Journal reporter is allegedly working on a book that will surf on the the NSO Group’s tsunami of surveillance shock.

I have spelled out three concerns about what I call the conversion of NSO Group from a low-profile outfit to the poster child for misuse of certain types of technology. Let me recap these:

1. SNOWDEN. Edward Snowden’s oath to keep information secret was broken with his notable data dump. Some of these 2013 materials provided sufficient information about specialized software and services to create or release a desire to know more about the market segment.
2. CITIZENS LAB. In 2016 Citizen’s Lab kicked off its coverage of the specialized software niche with “The Million Dollar Dissident: NSO Group’s iPhone Zero Days Used against a UAE Human Rights Defender.”
3. PITCHING NSO. In 2017, Francisco Partners’ mounted an effort to sell NSO Group for an asking price of around $1 billion. Venture and finance types perked up their ears. Some asked, “What’s this specialized service cyber software?”
4. BOOK. In 2019, Shoshana Zuboff published “The Age of Surveillance Capitalism,” which provided a “name” to some of the specialized software functions.

Reporters, activists, researchers, academics, and companies not previously aware of the specialized service sector are now chasing information. Unlike some commercial market sectors, funds are available. The appetite for advanced software and services is growing.

Now back to the company named associated by some with an insect. What impact will the Intercept write up have. I don’t know, but I have three ideas:

First, the company will become a subject of interest for some; for example, an investigative reporter working on a book about the specialized service sector.

Second, non-LE and intel-related organizations will express an interest in licensing the software and gaining access to the firm’s database and other technology. (Voyager Labs has explored selling its software for “marketing.”)

Third, the company’s willingness to market its products and services more aggressively may be reduced. Shadowdragon advertised for a marketing professional, presumably to support the company’s sales efforts. One of the firm’s senior managers posts on LinkedIn in order to express support for certain activities and retain visibility in that Microsoft owned service.

From my narrow point of view, some information should not be exposed to the public; for example, the Snowden dump. And some of the marketing activities of specialized service providers should be wound back to the low profile activities of the pre-911 era.

Unfortunately it may be too late. Commercial success may be more important than creating solutions which support LE and intelligence operations. Today anyone can enjoy useful tools. Check out Hunchly OSINT or Maltego. Explore what these tools can do.

Will Shadowdragon become collateral damage as a consequence of NSO Group?

Stephen E Arnold, September 23, 2021

Alleged DHS Monitoring of Naturalized Citizens

Are the fates of millions of naturalized immigrants are at the mercy of one secretive algorithm run by the Department of Homeland Security and, unsurprisingly, powered by Amazon Web Services?

The Intercept examined a number of documents acquired by the Open Society Justice Initiative and Muslim Advocates through FOIA lawsuits and reports, “Little-Known Federal Software Can Trigger Revocation of Citizenship.” Dubbed ATLAS, the software runs immigrants’ information through assorted federal databases looking for any sign of dishonesty or danger. Journalists Sam Biddle and Maryam Saleh write:

“ATLAS helps DHS investigate immigrants’ personal relationships and backgrounds, examining biometric information like fingerprints and, in certain circumstances, considering an immigrant’s race, ethnicity, and national origin. It draws information from a variety of unknown sources, plus two that have been criticized as being poorly managed: the FBI’s Terrorist Screening Database, also known as the terrorist watchlist, and the National Crime Information Center. Powered by servers at tech giant Amazon, the system in 2019 alone conducted 16.5 million screenings and flagged more than 120,000 cases of potential fraud or threats to national security and public safety. Ultimately, humans at DHS are involved in determining how to handle immigrants flagged by ATLAS. But the software threatens to amplify the harm caused by bureaucratic mistakes within the immigration system, mistakes that already drive many denaturalization and deportation cases.”

DHS appears reluctant to reveal details of how ATLAS works or what information it uses, which makes it impossible to assess the program’s accuracy. It also seems the humans who act on the algorithm’s recommendations have misplaced faith in the accuracy of the data behind it. The article cites a 2020 document:

“It also notes that the accuracy of ATLAS’s input is taken as a given: ‘USCIS presumes the information submitted is accurate. … ATLAS relies on the accuracy of the information as it is collected from the immigration requestor and from the other government source systems. As such, the accuracy of the information in ATLAS is equivalent to the accuracy of the source information at the point in time when it is collected by ATLAS.’ The document further notes that ‘ATLAS does not employ any mechanisms that allow individuals to amend erroneous information’ and suggests that individuals directly contact the offices maintaining the various databases ATLAS uses if they wish to correct an error.”

We are sure that process must be a piece of cake. The authors also report:

“Denaturalization experts say that putting an immigrant’s paper trail through the algorithmic wringer can lead to automated punitive measures based not on that immigrant’s past conduct but the government’s own incompetence. … According to [Muslim Advocates’ Deborah] Choi, in some cases ‘denaturalization is sought on the basis of the mistakes of others, such as bad attorneys and translators, or even the government’s failures in record-keeping or the failures of the immigration system.’ Bureaucratic blundering can easily be construed as a sign of fraud on an immigrant’s part, especially if decades have passed since filling out the paperwork in question.”

Worth monitoring. Atlas may carry important payloads, or blow up on the launch pad.

Cynthia Murrell, September 9, 2021

TikTok: No Big Deal? Data Collection: No Big Deal Either

Here’s an interesting and presumably dead accurate statement from “TikTok Overtakes YouTube for Average Watch Time in US and UK.”

YouTube’s mass audience means it’s getting more demographics that are comparatively light internet users… it’s just reaching everyone who’s online.

So this means Google is number one? The write up points out:

The Google-owned video giant has an estimated two billion monthly users, while TikTok’s most recent public figures suggested it had about 700 million in mid-2020.

Absolutely. To me, it looks as if two billion is bigger than 700 million.

But TikTok has “upended the streaming and social landscape.”

How? Two billion is bigger than 700 million. Googlers like metrics, and that’s a noticeable difference.

I learned that the average time per user spent on the apps is higher for TikTok than for YouTube. TikTok has a high levels of “engagement.”

Google YouTube has more users, but TikTok users are apparently more hooked on the short form content from the quasi-China influenced outfit.

Advertisers will care. Retailers who want to hose users with product pitches via TikTok care.

Data harvesters at TikTok will definitely care. The more time spent on a monitored app provides a more helpful set of data about the users. These users can be tagged and analyzed using helpful open source tools like Bootleg.

Just a point to consider: How useful will time series data be about a TikTok user or user cluster? How useful will such data be when it comes time to identify a candidate for insider action? But some Silicon Valley wizards pooh pooh TikTok data collection. Maybe a knowledge gap for this crowd?

Stephen E Arnold, September 9, 2021

Protonmail Anecdote

Protonmail has been mentioned in come circles as a secure email service. Users pay to use the system. I have included it in my lectures about online messaging as an example of a “secure” service.

I spotted this Twitter thread which may be true, but, on the other hand, it may be an example of disinformation. The thread includes a screenshot and comments which may indicate that Protonmail has provided to law enforcement details about a specific user.

The person creating the tweet with the information points out:

I appreciate protonmail transparency on what happened, they provide a onion domain to avoid that issue (and a VPN), every service has to follow the law of the country they are in and a biggest issue here is the criminalization of climate activists by the french police [sic]

Additional information or disinformation may be available from this link.

Stephen E Arnold, September 6, 2021

Palantir: A Blinded Seeing Stone?

I try to keep pace with the innovations in intelware. That’s my term for specialized software designed to provide the actionable information required by intel professionals, law enforcement, and one or two attorneys who have moved past thumbtyping.

I am not sure if the article “FBI Palantir Glitch Allowed Unauthorized Access to Private Data” is on the money. The “real news” story asserted:

A computer glitch in a secretive software program used by the FBI allowed some unauthorized employees to access private data for more than a year, prosecutors revealed in a new court filing. The screw-up in the Palantir program — a software created by a sprawling data analytics company co-founded by billionaire Peter Thiel — was detailed in a letter by prosecutors in the Manhattan federal court case against accused hacker Virgil Griffith.

Please, read the source document. Also, my personal view is that such an access lapse is not good, but if the story is accurate, I am less concerned that other FBI officials may have had access to content in Gotham or whatever the system is branded these days is less problematic than oligarchs snooping or a Xi Jinping linked tong IT wonk poking around FBI only data.

My thoughts went in a different direction, and I want to capture them. Keep in mind, I don’t know if the access revelation is “true.” Nevertheless, here’s what I jotted down whilst sitting in a lecture about a smart bung for booze lovers:

1. Was the access issue related to Microsoft Windows or to the AWS-type services on which some Palantir installations depend? Microsoft is another “here we go again” question, but the AWS question puts the Bezos bulldozer squarely in the security breach spotlight.
2. How many days, weeks, or months was the access control out of bounds? An hour is one thing; the answer “We don’t have a clue” is another.
3. If — note the if, please — the access issue is due to a Palantir specific feature or function, is there a current security audit of LE, military, and intel  related installations of the “seeing stone” itself? If the answer is “yes”, why was this access issue missed? Who did the audit? Who vetted the auditor? If the answer is “no,” what are the consequences for the other software vendors and IT professionals in the “fault chain”?

The article points out that a royal “we” is troubled. That’s nice. But let’s focus on more pointed questions and deal with what might be a digital Humpty Dumpty. Just my opinion from the underground bunker in rural Kentucky.

Stephen E Arnold, August 27, 2021

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Google Ups the Ante: Skip the Quantum. Aim Higher!
  • AI: Helps an Individual, Harms Committee Thinking Which Is Often Sketchy at Best
  • The Future of UK Libraries? Quite a Question
  • The Wiz: Google Gears Up for Enterprise Security
  • What Will the AT&T Executives Serve Their Lawyers at the Security Breach Debrief?

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org