Deepfake Detection: Unsolvable
November 3, 2019
“CEO of Anti-Deepfake Software Says His Job Is Ultimately a Losing Battle” describes what may be an unsolvable problem. Manipulated content may be in the category of the Millennium Prize Problems, just more complicated. The slightly gloomy write up quotes the founder of Amber Video (Shamai Allibhai):
“Ultimately I think it’s a losing battle. The whole nature of this technology is built as an adversarial network where one tries to create a fake and the other tries to detect a fake. The core component is trying to get machine learning to improve all the time…Ultimately it will circumvent detection tools.
The newspaper publishing this observation did not include Jorge Luis Borges’ observation made in the Paris Review in 1967:
Really, nobody knows whether the world is realistic or fantastic, that is to say, whether the world is a natural process or whether it is a kind of dream, a dream that we may or may not share with others.
But venture funding makes the impossible appear to be possible until it is not.
Stephen E Arnold, November 3, 2019
Google Protest: An Insulting Anniversary
November 2, 2019
DarkCyber noted this write up in CNet, an online information service, which may not be capturing too many Google ads in 2020. Here’s the title and subtitle of the story:
The headline is Googley; that is, it is designed to make the story appear in a Google search results list. The jabber may work. But what may not be as efficacious is building bridges to the Google itself. For example, the write up states:
The Google protests [maybe about sexual matters, management decisions, money?] didn’t achieve everything their organizers were seeking. Several Google workers and former workers are dissatisfied with the company’s response. Organizers say the company has done the bare minimum to address concerns, and employees allege that it has retaliated against workers and sought to quash dissent. “They’ve been constantly paying lip service,” said one Google employee who was involved with the walkout. “It’s insulting to our intelligence,” said the person, who requested anonymity because of fear of retribution from the company.
Then the observation:
Google declined to make its senior leadership team, including co-founders Larry Page and Sergey Brin, CEO Sundar Pichai and human resources chief Eileen Naughton, available for interviews. In a statement, Naughton touted changes Google has made over the past year, including streamlining the process for people to report abuse and other problems.
A few observations may be warranted:
- Google’s management methods may follow the pattern set in high school science clubs when those youthful wizards confront something unfamiliar
- A problem seems to exist within the GOOG
- Outfits like CNet are willing to explain what may be a Google shortcoming because Google is not longer untouchable.
Interesting? If paid employees won’t get along and go along, how will that translate into Google’s commitment to enterprise solutions? What if an employee inserts malicious code in a cloud service as a digital protest? What if… I don’t want to contemplate what annoyed smart people can do at 3 am with access credentials.
Yikes. Insulting.
Stephen E Arnold, November 2, 2019
China and Its Data Method
November 2, 2019
China continues to expand its authority to surveil anything and everything that occurs electronically within its borders, and its latest plan could pose a legal bind for any foreign companies doing business there. China Law Blog sums up the problem in, “China’s New Cybersecurity Program: NO Place to Hide.” China’s Ministry of Security plans to access all raw data that crosses Chinese networks and/or resides on Chinese servers and to employ renowned big-data expert Wang Yingwei to analyze it in his new role as head of the Cybersecurity Bureau. Reporter Steve Dickinson emphasizes the Ministry intends to intercept every scrap of data from every corner of society, from businesses to fellow ministries to even the Internet of things. Note that foreign businesses are included, and the methods such entities used to rely upon to avoid the surveillance will no longer apply. Dickinson writes:
“They did this primarily by establishing VPN internet servers in their own offices. These servers used VPN technologies to isolate data from the Chinese controlled networks, allowing for the use of a company intranet that maintained the secrecy of emails and data stored on the company servers in China. As cloud computing has advanced, foreign owned companies typically use the same VPN technologies to isolate their cloud based servers from the Chinese controlled system. Though the Chinese authorities often complained about these VPN systems, foreign companies were usually able to claim that their special WFOE status exempted them from Chinese data controls. However, with the roll-out of the new system, that will all change. First, the Cybersecurity Law and related laws and regulations are very clear that they apply to all individuals and entities in China without regard to ownership or nationality. There are no exceptions. More important, the new Foreign Investment Law that goes into effect on January 1, 2020 eliminates any special status associated with being a WFOE or other foreign invested enterprise. Foreign owned companies will be treated in exactly the same way as Chinese owned companies.”
Not only does this mean foreign companies will be unable to secure their own trade secrets on Chinese networks or at offices within China, neither will they be able to adhere to U.S. or EU laws on protecting client confidentiality, restricted emerging technologies, or other sensitive information. To avoid prosecution for breaking these laws simply by doing business within China, some companies may have no choice but to shutter any operations in that country.
Cynthia Murrell, November 2, 2019
Search System Bayard
November 1, 2019
Looking for an open source search and retrieval tool written in Rust and built on top of Tantivy (Lucene?). Point your browser to Github and grab the files. The read me file highlights these features:
- Full-text search/indexing
- Index replication
- Bringing up a cluster
- Command line interface.
DarkCyber has not tested it, but a journalist contacted us on October 31, 2019, and was interested in the future of search. I pointed out that there are free and open source options.
What people want to buy, however, is something that does not alienate two thirds of the search system’s users the first day the software is deployed.
Surprised? You may not know what you don’t know, but, gentle reader, you are an exception.
Stephen E Arnold, November 1, 2019
A New Private Company Directory Entering the Information Super Highway
November 1, 2019
DarkCyber spotted “Crunchbase Raises $30 Million to Go after Private Companies’ Data.” Business directories can be lucrative. Just track down and old school Dun & Bradstreet senior manager.
The approach taken by Crunchbase, which for a short period of time, was a Verizon property, consists of several parts:
- Tracking information about private companies
- Inclusion of information that will make the directory like LinkedIn, the Microsoft job hunting and social networking site
- A modern-day service able to host corporate Web sites (maybe a 21st city Geocities?). The idea is to capture “partnership and careers pages.”
The write up describes Crunchbase as “one of the largest publicly accessible repositories of data about private companies.”
We learned:
Crunchbase partners with more than 4,000 data suppliers that provide it with valuable information on startup companies, such as annual revenue or burn rate.
Oracle provides a data marketplace and Amazon may be spinning up its streaming data marketplace. Will Crunchbase partner, compete, or sell to either of these companies?
Once in a while, DarkCyber looks up a company on Crunchbase. The experience is a “begging for dollars” journey. The useful information has been trimmed in order to get DarkCyber to sign up for hundreds of dollars to look up information about a private company easily findable elsewhere. A good source are Web sites of the outfits pumping cash into startups, tweets, and discussion groups.
Can the $30 million succeed where other directories have found themselves operated by trade associations or intelligence software equipped with a data base of open source information?
Worth watching. We know the investors have their eyes open as will Cengage, possibly the proud producers of Ward’s Business Directory of US Private and Public Companies.
Stephen E Arnold, November 1, 2019
Cyberbully Algorithm: Will It Work?
November 1, 2019
Given the paradoxes of human expression, teaching algorithms to identify harmful speech on social media has proven a difficult task. One group of researchers, though, has made a breakthrough—EurekAlert declares, “New Algorithms Can Distinguish Cyberbullies from Normal Twitter Users with 90% Accuracy.” The news release explains:
“Effective tools for detecting harmful actions on social media are scarce, as this type of behavior is often ambiguous in nature and/or exhibited via seemingly superficial comments and criticisms. Aiming to address this gap, a research team featuring Binghamton University computer scientist Jeremy Blackburn analyzed the behavioral patterns exhibited by abusive Twitter users and their differences from other Twitter users. ‘We built crawlers — programs that collect data from Twitter via variety of mechanisms,’ said Blackburn. ‘We gathered tweets of Twitter users, their profiles, as well as (social) network-related things, like who they follow and who follows them.’ The researchers then performed natural language processing and sentiment analysis on the tweets themselves, as well as a variety of social network analyses on the connections between users. The researchers developed algorithms to automatically classify two specific types of offensive online behavior, i.e., cyberbullying and cyberaggression. The algorithms were able to identify abusive users on Twitter with 90 percent accuracy. These are users who engage in harassing behavior, e.g. those who send death threats or make racist remarks to users.”
Of course, 90 percent accuracy means 10 percent slips through, so we still have a way to go. Also, for a bully to be detected, they have to have already acted badly, and no algorithm can undo that damage. Blackburn says his team is working on “pro-active mitigation techniques” that could help. I am curious to see what that will look like. Stay tuned.
Cynthia Murrell, November 1, 2019
The Golden Age of Surveillance
November 1, 2019
Back in 2016, then-FBI general counsel Jim Baker famously fought tooth and nail to force Apple to grant the Bureau access to an encrypted phone following a terrorist attack in San Bernardino. (The FBI eventually found another way to access the data, so the legal issue was sidestepped.) Now we learn Baker has evolved on the issue in the write-up, “Former FBI General Counsel who Fought Apple Has Now ‘Rethought’ Encryption” at 9To5Mac. Writer Ben Lovejoy pulls highlights from a lengthy piece Baker wrote for the Lawfare blog describing his current position on encryption. While he stands by his actions in the San Bernardino case, he now sees the need to balance law enforcement’s need for information and the rest of society’s need to protect valuable data from bad actors. Lovejoy writes:
“Baker says that strong encryption still poses a substantial problem for law enforcement, but he now recognizes that there is no way to square the circle of protecting both personal and government data on the one hand, and allowing law enforcement to access data on the other.
‘A solution that focuses solely on law enforcement’s concerns will have profound negative implications for the nation across many dimensions. I am unaware of a technical solution that will effectively and simultaneously reconcile all of the societal interests at stake in the encryption debate, such as public safety, cybersecurity and privacy as well as simultaneously fostering innovation and the economic competitiveness of American companies in a global marketplace.’
“He says that forcing US companies to create compromised systems would simply shift demand to foreign-made products that remain secure. Additionally, a lot can be done with metadata- that is, records of who contacted who, rather than what was said.
‘Further, the situation for law enforcement may not actually be as bad as some claim. In fact, some argue that society is in a “golden age of surveillance” as substantially more data- especially metadata- than ever before is available for collection and analysis by law enforcement.’”
“Golden age of surveillance” indeed—the man has a point. He stresses, in particular, the importance of avoiding potential spyware in Chinese-made equipment. He urges government officials to embrace encryption as necessary or, if they refuse to do that, find another way to guard against existential cyber threats. He observes they have yet to do so effectively.
Cynthia Murrell, November 1, 2019