Passport Report: Useful Guidance for Governments and Bad Actors?
September 15, 2020
The consulting firm BearingPoint is an interesting outfit. Marketing, of course, is job one. DarkCyber noted “BearingPoint Study Assesses the Digital Maturity of Passport Services in Countries around the Globe.” The document provides the firm’s assessment of government processes related to digital workflows. Not surprisingly, the report finds opportunities for improvement across the 20 countries surveyed.
A passage DarkCyber noted states:
No examined countries currently assessed to be at level five.
Surprising? No, the object of the study is to sell consulting services for online passport application services.
However, the report provides some useful insights for bad actors interested in figuring out what type of false documents to purchase via an illegal channel. That’s right. The report is a compendium of ideas for bad actors; for example:
The study covers twenty countries selected from across Europe and other regions. The countries included in the study are Australia, Austria, Belgium, Brazil, Canada, Denmark, Estonia, Finland, France, Germany, Ireland, the Netherlands, New Zealand, Norway, Romania, Singapore, Sweden, Switzerland, the UK, and the USA. Of the countries included in the study, eleven offered a partial or full online passport application service. Australia, Brazil, Estonia, France, Switzerland, and the USA were assessed at level three in the service maturity assessment. Level three represents a partial online application service in which citizens can submit application details (all data required excluding the passport image) online, in advance of attending an appointment to complete the application. The critical efficiency at this level is minimizing the volume of data inaccuracy associated with paper applications and capturing the data in advance of attending a public office, which leads to a reduction in data errors and also provides a more efficient service. Finland, Ireland, New Zealand, Singapore and the UK were assessed at level four. This represents a passport service that offers citizens an entirely online application process, though some offline interaction may be required. Passport services at this level offer online services for handling problems with the application, for example, resubmitting a photo digitally if the initially submitted photo did not meet specified standards.
The countries with what appear to be business processes in need of digital enhancement are countries like Romania and Sweden. Sweden?
The report could be used as a shopping guide for false documents which may be used to enter a country illegally. On the other hand, the report is designed to help BearingPoint sell consulting services.
Interesting information if the data are accurate.
Stephen E Arnold, September 15, 2020
US and Cyber Proactivity
September 15, 2020
Kinetic assaults on the United States still pose a great risk, but even greater threats exist in digital spaces. Hacking, malware, viruses, and more could potentially damage the American way of life more than a physical attack. The Star Tribune reports in “Military’s Top Cyber Official Defends More Aggressive Stance” on attacks taking place on the Internet. General Paul Nakasone defends the more aggressive stance, because the military has become more proactive in order to defeat sophisticated threats.
Nakasone stated that instead of having a “reactive, defensive posture,” the military is meeting foreign adversaries online. Instead of waiting to be attacked, the military investigates potential threats and takes necessary action to stop them. Two examples of taking offensive action are:
“As an example, Nakasone cited a mission from last October in which Cyber Command dispatched an elite team of experts to Montenegro to join forces with the tiny Balkan state, which was targeted by Russia-linked hackers. The “hunt forward” mission not only helped defend an ally but was also an opportunity for the U.S. to improve its own cyber defenses before the 2020 election, Nakasone wrote. Cyber Command and NSA worked before the 2018 U.S. midterm election to protect against Russian meddling, he said, creating a task force that shared information about potential compromises and other threats, including how to counter trolls on social media.”
Arguably this prevented interference in the US midterm elections, and the plans are to prevent more possible threats for the 2020 presidential election.
Cyber Command was established in 2010 to defend against cyber attacks on the Department of Defense’s classified and unclassified networks. Cyber Command’s offensive strategy has changed from its original purpose to “proactively hunt for adversary malware on our own networks rather than simply waiting for an intrusion to be identified.” Cyber Command also shares information on malware as it’s discovered so it’s less of a threat.
Inaction often leads to attacks that could be avoided. If Cyber Command does nothing, then when an attack occurs people are upset. However, if Cyber Command is on the offensive it is seen as unnecessary aggression by certain parties. It is a catch-22, but also not.
Whitney Grace, September 15, 2020
Nvidia Arm: An Artificial Intelligence Angle. Oh, Maybe a Monopoly Play Too?
September 14, 2020
As the claims, rumors, and outrage about Nvidia’s alleged acquisition of ARM swirl, DarkCyber noted an interesting story in ExtremeTech. “Nvidia Buys ARM for $40 Billion, Plans New AI Research Center” states:
According to Nvidia CEO Jensen Huang,
We are joining arms with Arm to create the leading computing company for the age of AI. AI is the most powerful technology force of our time. Learning from data, AI supercomputers can write software no human can. Amazingly, AI software can perceive its environment, infer the best plan, and act intelligently. This new form of software will expand computing to every corner of the globe. Someday, trillions of computers running AI will create a new internet — the internet-of-things — thousands of times bigger than today’s internet-of-people. In the same letter, Jensen notes that Nvidia will build a “world-class” AI center in Cambridge, where a state-of-the-art ARM-based supercomputer will conduct research. [Emphasis added by DarkCyber]
Assume the deal goes through. Assume Nvidia creates a new AI research center. Are there some implications of this type of move? Who knows, but it is often helpful to identify some potential downstream consequences:
- Nvidia becomes the de facto supplier of silicon for supercomputers
- Amazon, already keen on Nvidia, ramps up its efforts to boost Sagemaker and allied technologies in the AWS environment
- Google and Microsoft have to do some thinking about their approach to next-generation silicon
- IBM may be inspired to do more than issue Intel style news releases about creating stable silicon using fabrication techniques outside their competencies at this time
- Chinese and China-allied semiconductor companies will have to shift into a higher gear and amp up their marketing
Will the deal, if it takes place, create the semiconductor equivalent of a Facebook monopoly?
That’s a possibility. Those US regulators are on the job, ever vigilant, just like those on Wall Street.
Stephen E Arnold, September 17, 2020
Digital Currency Now Becoming Visible
September 14, 2020
Did you think your Bitcoin was beyond the long arm of tax law? Sorry to break it to you, but it is not. Not only does the IRS now ask about cryptocurrency transactions on the front page of form 1040, the agency has acquired a list of digital currency users, we learn from the article, “IRS Sends Fresh Round of Tax Warning Letters to Cryptocurrency Owners” at Bitcoin.com News. Cointracker’s Chandan Lodha suspects the IRS built this mailing list from a subpoena of Coinbase data, though the agency has subpoenaed several other exchanges and is using blockchain analytics software. So much for secret transactions. Writer Kevin Helms reports:
“Several tax service providers revealed on Tuesday that their clients have received a warning letter from the IRS similar to those the agency sent to about 10,000 crypto owners last year. There are three types of letters. The first type, Letter 6173, specifies a date by which the taxpayer must respond or their tax account will be examined by the agency. The other two, Letter 6174 and 6174-A, only remind taxpayers of their tax obligations. The Taxpayer Advocate Service, an independent organization within the IRS, has said that the IRS letters violate taxpayers’ rights. … The IRS letter proceeds to advise cryptocurrency owners that if they did not accurately report the cryptocurrency transactions on the federal income tax return, they should ‘file amended returns or delinquent returns.’ The agency warned: ‘If you do not accurately report your virtual currency transactions, you may be subject to future civil and criminal enforcement activity.’”
The assertion that these letters violate taxpayers’ rights rests on the right to privacy described in the IRS’ own Taxpayer Bill of Rights (PDF). We do not suggest anyone count on that claim to keep them out of trouble, however. The agency has helpfully published guidelines for those who must report cryptocurrency transactions, as discussed in this article.
Cynthia Murrell, September 14, 2020
Yo, Kafka: Check Out This Bureaucratic Play
September 9, 2020
“Beijing Floats a Plan to Protect Chinese Companies from American Cyber Bullying” is an interesting news report. Let’s assume that it is accurate with nothing lost in translation. The write up states:
In a speech Tuesday, Chinese State Councillor Wang Yi proposed a set of international rules intended to increase trust and refute the Trump administration’s strategy to limit the reach of Chinese-made technologies. Wang said the “Global Initiative on Data Security” is a recognition that data protection techniques are increasingly politicized at a moment when “individual countries” are “bullying” others, sometimes “hunting” foreign-based companies.
The political questions are outside the scope of DarkCyber. The semantic issues are getting into the research team’s area of interest.
What’s important is that this is a content object which may be weaponized. Who is bullying whom? Has security become the equivalent of accusing a person of improper behavior? What’s hunting mean?
Worth noting.
Stephen E Arnold, September 9, 2020
Amazon: Employee Surveillance and the Bezos Bulldozer with DeepLens, Ring, and Alexa Upgrades
September 4, 2020
Editor’s Note: This link to Eyes Everywhere: Amazon’s Surveillance Infrastructure and Revitalizing Worker Power may go bad; that is, happy 404 to you. There’s not much DarkCyber can do. Just a heads up, gentle reader.
The information in a report by Open Markets called Amazon’s Surveillance Infrastructure and Revitalizing Worker Power may be difficult to verify and comprehend. People think of Amazon in terms of boxes with smiley faces and quick deliveries of dog food and Lightning cables.
Happy Amazon boxes.
The 34 page document paints a picture of sad Amazon boxes.
The main point is that the Bezos bulldozer drives over employees, not just local, regional, and national retail outlets:
A fundamental aspect of its power is the corporation’s ability to surveil every aspect of its workers’ behavior and use the surveillance to create a harsh and dehumanizing working environment that produces a constant state of fear, as well as physical and mental anguish. The corporation’s extensive and pervasive surveillance practices deter workers from collectively organizing and harm their physical and mental health. Amazon’s vast surveillance infrastructure constantly makes workers aware that every single movement they make is tracked and scrutinized. When workers make the slightest mistake, Amazon can use its surveillance infrastructure to terminate them.
Several observations:
- Amazon is doing what Amazon does. Just like beavers doing what beavers do. Changing behavior is not easy. Evidence: Ask the parents of a child addicted to opioids.
- Stakeholders are happy. Think of the song with the line “money, money, money.”
- Amazon has the cash, clout, and commitment to pay for lobbying the US government. So far the President of the United States has been able to catch Amazon’s attention with a JEDI sword strike, but that’s not slowed down Darth Jeff.
Net net: After 20 plus years of zero meaningful regulation, the activities of the Bezos bulldozer should be viewed as a force (like “May the force be with you.”) DarkCyber wants to point out that Amazon is also in the policeware business. The write up may be viewed as validation of Amazon’s investments in this market sector.
Stephen E Arnold, September 4, 2020
Maps with Blank Spots
September 2, 2020
We noted the “real” news outfit story “Blanked-Out Spots On China’s Maps Helped Us Uncover Xinjiang’s Camps.” The how to is interesting. We learned:
Our breakthrough came when we noticed that there was some sort of issue with satellite imagery tiles loading in the vicinity of one of the known camps while using the Chinese mapping platform Baidu Maps. The satellite imagery was old, but otherwise fine when zoomed out — but at a certain point, plain light gray tiles would appear over the camp location. They disappeared as you zoomed in further, while the satellite imagery was replaced by the standard gray reference tiles, which showed features such as building outlines and roads. At that time, Baidu only had satellite imagery at medium resolution in most parts of Xinjiang, which would be replaced by their general reference map tiles when you zoomed in closer. That wasn’t what was happening here — these light gray tiles at the camp location were a different color than the reference map tiles and lacked any drawn information, such as roads.
After reading the article, DarkCyber wonders what other interesting sites are missing?
Stephen E Arnold, September 2, 2010
Google: We Are the Web. You Really Did Not Know, Did You?
August 31, 2020
Years ago I wrote three monographs about Google. The publisher, now defunct, sold these books after I recycled research paid for and delivered to several clients. The books explored the technologies Google was developing to redefine what in 2004 to 2008 was the World Wide Web. I included diagrams of a Google walled garden. I explained how Google’s page reconstruction inventions cobbled together data from different sources to create a Google version of content. Heck, I even included the dossier example from a Google patent.
The figure comes from US20070198481. Note that the machine generated dossier includes nicknames, contact information, ethnicity, and other interesting items of information culled from multiple sources and presented in a police report format. The “Maps and Pictures” label is linked to Google Maps.
The patent drawing presented a photo, key facts, and other information about an entity (in this case a person Michael Jackson, the songster). No one paid much attention. One book was circulated within a government agency, but the “real” journalists who requested review copies did zippo with the information.
I spotted a post on Slashdot titled “Brave Complains Google’s Newly Proposed Web Bundles Standard Would Make URLs Meaningless.” Welcome to the reality of the walled garden concept I explained about 15 years ago. The Slashdot post is here and the Brave post is here.
The hiding of PDF URLs was one “enhancement” Google introduced several years ago. Researchers who need to document the location of a source document have to use services like URL Clean in order to identify the source of a document, including documents created by US government agencies like DARPA and the CIA. Hey, that’s helpful, Google.
The URL masking was little more than an experiment, and it provided the Google with useful data which allows the next “walled garden” architectural enhancement to be scheduled.
Urls from Google are the source.
Why the time lag of a decade? Despite the perception that Google is a disorganized, chaotic outfit, there are some deeper trends which persist through time. One of these Brin-Page ideas, Google becoming the Web, is, as in the Elliott wave theory, reaching another crest.
Is it too late? Gentle reader, it was too late a decade ago. A lack of meaningful regulation and the emergence of an information monoculture has ceded provenance to Google and a handful of other companies. One does not live in a country. One lives in a dataverse owned, shaped, and controlled by a commercial enterprise.
That’s why it makes zero difference what government officials try to do: the Google is in place and simply enhancing its walled garden, its revenue capability, and its control. Since few online consumers know how to vet sources and validate information, why not trust Google?
And where do the regulators get their information? Why from Google, of course. Logical. And logic is right.
Stephen E Arnold, September 3, 2020
Another Data Marketplace: Amazon, Microsoft, Oracle, or Other Provider for This Construct?
August 31, 2020
The European Union is making a sharp U-turn on data privacy, we learn from MIT Technology Review’s article, “The EU Is Launching a Market for Personal Data. Here’s What That Means for Privacy.” The EU has historically protected its citizens’ online privacy with vigor, fighting tooth and nail against the commercial exploitation of private information. As of February, though, the European Commission has decided on a completely different data strategy (PDF). Reporter Anna Artyushina writes:
“The Trusts Project, the first initiative put forth by the new EU policies, will be implemented by 2022. With a €7 million [8.3 million USD] budget, it will set up a pan-European pool of personal and nonpersonal information that should become a one-stop shop for businesses and governments looking to access citizens’ information. Global technology companies will not be allowed to store or move Europeans’ data. Instead, they will be required to access it via the trusts. Citizens will collect ‘data dividends,’ which haven’t been clearly defined but could include monetary or nonmonetary payments from companies that use their personal data. With the EU’s roughly 500 million citizens poised to become data sources, the trusts will create the world’s largest data market. For citizens, this means the data created by them and about them will be held in public servers and managed by data trusts. The European Commission envisions the trusts as a way to help European businesses and governments reuse and extract value from the massive amounts of data produced across the region, and to help European citizens benefit from their information.”
It seems shifty that they have yet to determine just how citizens will benefit from this data exploitation, I mean, value-extraction. There is no guarantee people will have any control over their information, and there is currently no way to opt out. This change is likely to ripple around the world, as the way the EU approaches data regulation has long served as an example to other countries.
The concept of data trusts has been around since 2018, when Sir Tim Berners-Lee proposed it. Such a trust could be for-profit, for a charitable cause, or simply for data storage and protection. As Artyushina notes, whether this particular trust actually protects citizens depends on the wording of its charter and the composition of its board of directors. See the article for examples of other trusts gone wrong, as well as possible solutions. Let us hope this project is set up and managed in a way that puts citizens first.
Cynthia Murrell, August 31, 2020
Will the US Government Understand Streaming and ISPs?
August 26, 2020
There’s hope I suppose. After reading “Streaming Is Laying Bare How Big ISPs, Big Tech, and Big Media Work Together Against Users,” I am not sure the message will get through. Dark patterns can be difficult to explain. Crafty and efficient MBAs create ways to harvest money. Consumers may get the drift, but regulators and elected officials? Maybe, maybe not.
One thing is certain: With appeals like this one, most will just smile and move on:
We need more choices for our ISPs, so they can’t keep charging us more for bad service. We need more choices so they can’t leverage their captive audiences for their new video services. We need net neutrality so these giant companies can’t create fiefdoms where they manipulate how we spend our time online. And we need our technology to be freed from corporate deals so we get what we paid for.
For some fun reading, check out this cost comparison chart. How’s the communication with the US government working out?
Stephen E Arnold, August 26, 2020