Data and Goliath (54 page)

Facebook ran an experiment:
Adam D. I. Kramer, Jamie E. Guillory, and Jeffrey T. Hancock (17 Jun 2014), “Experimental
evidence of massive-scale emotional contagion through social networks,”
Proceedings of the National Academy of Sciences of the United States of America
111, http://www.pnas.org/content/111/24/8788.full.

women feel less attractive:
Lucia Moses (2 Oct 2013), “Marketers should take note of when women feel least attractive:
What messages to convey and when to send them,”
Adweek
, http://www.adweek.com/news/advertising-branding/marketers-should-take-note-when-women-feel-least-attractive-152753.

companies want to better determine:
Mark Buchanan (17 Aug 2007), “The science of subtle signals,”
strategy+business magazine
, http://web.media.mit.edu/~sandy/Honest-Signals-sb48_07307.pdf.

That gives them enormous power:
All of this manipulation has the potential to be much more damaging on the Internet,
because the very architecture of our social systems is controlled by corporations.
Harvard law professor Lawrence Lessig has written about computing architecture as
a mechanism of control. Lawrence Lessig (2006),
Code: And Other Laws of Cyberspace, Version 2.0
, Basic Books, http://codev2.cc.

Candidates and advocacy groups:
Ed Pilkington and Amanda Michel (17 Feb 2012), “Obama, Facebook and the power of
friendship: The 2012 data election,”
Guardian
, http://www.theguardian.com/world/2012/feb/17/obama-digital-data-machine-facebook-election.
Tanzina Vega (20 Feb 2012), “Online data helping campaigns customize ads,”
New York Times
, http://www.nytimes.com/2012/02/21/us/politics/campaigns-use-microtargeting-to-attract-supporters.html.
Nathan Abse (Oct 2012), “Big data delivers on campaign promise: Microtargeted political
advertising in Election 2012,” Interactive Advertising Bureau, http://www.iab.net/media/file/Innovations_In_Web_Marketing_and_Advertising_delivery.pdf.

They can also fine-tune:
Sasha Issenberg (19 Dec 2012), “How President Obama’s campaign used big data to rally
individual voters,”
MIT Technology Review
, http://www.technologyreview.com/featuredstory/509026/how-obamas-team-used-big-data-to-rally-voters.

more efficiently gerrymander:
Micah Altman, Karin MacDonald, and Michael MacDonald (2005), “Pushbutton gerrymanders:
How computing has changed redistricting,” in
Party Lines: Competition, Partisanship, and Congressional Redistricting
, ed. Thomas E. Mann and Bruce E. Cain, Brookings Institution Press, http://openscholar.mit.edu/sites/default/files/dept/files/pushbutton.pdf.
Robert Draper (19 Sep 2012), “The league of dangerous mapmakers,”
Atlantic
, http://www.theatlantic.com/magazine/archive/2012/10/the-league-of/309084. Tracy
Jan (23 Jun 2013), “Turning the political map into a partisan weapon,”
Boston Globe
, http://www.bostonglobe.com/news/nation/2013/06/22/new-district-maps-reaped-rewards-for-gop-congress-but-cost-fewer-moderates-more-gridlock/B6jCugm94tpBvVu77ay0wJ/story.html.

fundamental effects on democracy:
Arch Puddington (9 Oct 2013), “To renew American democracy, eliminate gerrymandering,”
Freedom House, http://www.freedomhouse.org/blog/renew-american-democracy-eliminate-gerrymandering.
Press Millen (20 Jul 2014), “With NC gerrymandering, democracy is the loser,”
News Observer
, http://www.newsobserver.com/2014/07/20/4014754/with-nc-gerrymandering-democracy.html.

Kevin Mitnick broke into:
John Markoff (16 Feb 1995), “A most-wanted cyberthief is caught in his own web,”
New York Times
, http://www.nytimes.com/1995/02/16/us/a-most-wanted-cyberthief-is-caught-in-his-own-web.html.

hackers broke into:
Robert O’Harrow Jr. (17 Feb 2005), “ID data conned from firm,”
Washington Post
, http://www.washingtonpost.com/wp-dyn/articles/A30897-2005Feb16.html.

hackers broke into Home Depot’s:
Brian Krebs (2 Sep 2014), “Banks: Credit card breach at Home Depot,”
Krebs on Security
, http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot. Robin
Sidel (18 Sep 2014), “Home Depot’s 56 million card breach bigger than Target’s,”
Wall Street Journal
, http://online.wsj.com/articles/home-depot-breach-bigger-than-targets-1411073571.

from JPMorgan Chase:
Dominic Rushe (3 Oct 2014), “JP Morgan Chase reveals massive data breach affecting
76m households,”
Guardian
, http://www.theguardian.com/business/2014/oct/02/jp-morgan-76m-households-affected-data-breach.

criminals have legally purchased:
Brian Krebs (20 Oct 2013), “Experian sold consumer data to ID theft service,”
Krebs on Security
, http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service.

Cybercrime is older than the Internet:
M. E. Kabay (2008), “A brief history of computer crime: An introduction for students,”
Norwich University, http://www.mekabay.com/overviews/history.pdf.

Or he files a fake tax return:
This is becoming a huge problem in the US. Michael Kranish (16 Feb 2014), “IRS is
overwhelmed by identity theft fraud,”
Boston Globe
, http://www.bostonglobe.com/news/nation/2014/02/16/identity-theft-taxpayer-information-major-problem-for-irs/7SC0BarZMDvy07bbhDXwvN/story.html.
Steve Kroft (21 Sep 2014), “Biggest IRS scam around: Identity tax refund fraud,”
CBS News
, http://www.cbsnews.com/news/irs-scam-identity-tax-refund-fraud-60-minutes.

Government databases:
In 2014, we learned that Chinese hackers broke into a
database containing personal information about US security-clearance holders. We don’t
know whether these were criminals looking for information to help them commit fraud,
or government intelligence personnel looking for information to help them coerce people
in positions of access. Michael S. Schmidt, David E. Sanger, and Nicole Perlroth (9
Jul 2014), “Chinese hackers pursue key data on U.S. workers,”
New York Times
, http://www.nytimes.com/2014/07/10/world/asia/chinese-hackers-pursue-key-data-on-us-workers.html.

many more data vulnerabilities:
This is just an example. A piece of malware infected over 1,
000
companies in 2014, stealing credit card details. Many of the companies infected did
not know they were victims. Nicole Perlroth (8 Sep 2014), “Home Depot data breach
could be the largest yet,”
New York Times
, http://bits.blogs.nytimes.com/2014/09/08/home-depot-confirms-that-it-was-hacked.

arrested in 2010 for “sextortion”:
Richard Winton (1 Sep 2011), “‘Sextortion’: 6 years for O.C. hacker who victimized
women, girls,”
Los Angeles Times
, http://latimesblogs.latimes.com/lanow/2011/09/sextortion-six-years-for-oc-hacker-who-forced-women-to-give-up-naked-pics-.html.

The most insidious RATs:
Nate Anderson (10 Mar 2013), “Meet the men who spy on women through their webcams,”
Ars Technica
, http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams.

computer companies that spied:
Kashmir Hill (25 Sep 2012), “FTC says rent-to-own computers captured couples having
sex,”
Forbes
, http://www.forbes.com/sites/kashmirhill/2012/09/25/ftc-its-not-cool-to-put-spyware-on-rent-to-own-computers-without-customer-consent.
Dara Kerr (22 Oct 2013), “Aaron’s computer rental chain settles FTC spying charges,”
CNET
, http://www.cnet.com/news/aarons-computer-rental-chain-settles-ftc-spying-charges.

9: Business Competitiveness

I wrote my first book:
The book had a 1994 copyright date, but was published in October 1993. Bruce Schneier
(1994),
Applied Cryptography: Protocols, Algorithms, and Source Code in C
, Wiley, https://www.schneier.com/book-applied.html.

It was a big deal:
Wired (Apr 1996), “On newsstands now: Crypto catalog,”
Wired
, http://archive.wired.com/wired/archive/4.04/updata.html.

over 250 cryptography products:
Stephen T. Walker (12 Oct 1993), “Oral testimony by Stephen T. Walker, President,
Trusted Information Systems, Inc., for Subcommittee on Economic Policy, Trade and
Environment, Committee on Foreign Affairs, US House of Representatives,” http://fas.org/irp/congress/1993_hr/931012_walker_oral.htm.

It was a scare story:
Here are some references for the current scare story in action. Ellen Nakashima (26
Jul 2014), “Proliferation of new online communications services poses hurdles for
law enforcement,”
Washington Post
, http://www.washingtonpost.com/world/national-security/proliferation-of-new-online-communications-services-poses-hurdles-for-law-enforcement/2014/07/25/645b13aa-0d21-11e4-b8e5-d0de80767fc2_story.html.
Orin Kerr (19 Sep 2014), “Apple’s dangerous game,”
Washington Post
,
http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/19/apples-dangerous-game.
Brent Kendall (25 Sep 2014), “FBI director raises concerns about smartphones,”
Wall Street Journal
, http://online.wsj.com/articles/fbi-director-raises-concerns-about-smartphone-security-plans-1411671434.

They passed the CALEA law:
FBI director Louis Freeh put it this way: “We’re in favor of strong encryption, robust
encryption. The country needs it, industry needs it. We just want to make sure we
have a trap door and key under some judge’s authority where we can get there if somebody
is planning a crime.” A similar quote from the FBI’s general counsel from 2010 was
in Chapter 6. Brock N. Meeks (12 May 1995), “Jacking in from the narco-terrorist encryption
port,”
CyberWire Dispatch
, http://www.cyberwire.com/cwd/cwd.95.05.12a.html.

This was marketed as “key escrow”:
Wayne Madsen (Nov 1994), “The Clipper controversy,”
Information Systems Security
3, http://www.sciencedirect.com/science/article/pii/1353485894900973. Matt Blaze
(5–9 Dec 2011), “Key escrow from a safe distance: Looking back at the Clipper Chip,”
27th Annual Computer Security Applications Conference, Orlando, Florida, http://www.crypto.com/papers/escrow-acsac11.pdf.

device with the Clipper Chip:
The US military had something similar from the NSA since 1987: the STU-III. Department
of Defense Security Institute (Feb 1997), “STU-III handbook for industry,” http://www.tscm.com/STUIIIhandbook.html.

Nobody wanted encryption:
Hal Abelson et al. (Jun 1999), “The risks of key recovery, key escrow, and trusted
third-party encryption,”
World Wide Web Journal
2, https://www.schneier.com/paper-key-escrow.html.

The US government was the only:
Crypto Museum (2014), “AT&T TSD-3600-E Telephone Encryptor,” http://www.cryptomuseum.com/crypto/att/tsd3600.

other key escrow initiatives:
Dorothy E. Denning and Dennis K. Branstad (Mar 1996), “A taxonomy for key escrow
encryption systems,”
Communications of the ACM
39, http://faculty.nps.edu/dedennin/publications/Taxonomy-CACM.pdf.

over 800 encryption products:
Lance J. Hoffman et al. (10 Jun 1999), “Growing development of foreign encryption
products in the face of U.S. export regulations,” Report GWU-CPI-1999-02, Cyberspace
Policy Institute, George Washington University School of Engineering and Applied Science,
http://cryptome.org/cpi-survey.htm.

the crypto wars:
This is a good account of those times. Steven Levy (May 1993), “Crypto rebels,”
Wired
, http://archive.wired.com/wired/archive/1.02/crypto.rebels_pr.html.

NSA surveillance is costing:
These three aspects were discussed in this document. Danielle Kehl et al. (29 Jul
2014), “Surveillance costs: The NSA’s impact on the economy, Internet freedom and
cyberspace,” Open Technology Institute, New America Foundation, http://www.newamerica.net/publications/policy/surveillance_costs_the_nsas_impact_on_the_economy_internet_freedom_cybersecurity.

the PRISM program:
Barton Gellman and Laura Poitras (7 Jun 2013), “U.S., British intelligence mining
data from nine U.S. Internet companies in broad secret program,”
Washington Post
, http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html.

US cloud companies were losing:
David Gilbert (4 Jul 2013), “Companies turn to Switzerland for cloud storage following
NSA spying revelations,”
International Business Times
, http://www.ibtimes.co.uk/business-turns-away-dropbox-towards-switzerland-nsa-486613.

moving their data outside the US:
Ellen Messmer (8 Jan 2014), “NSA scandal spooking IT pros in UK, Canada,”
Network World
, http://www.networkworld.com/article/2173190/security/nsa-scandal-spooking-it-pros-in-uk--canada.html.

NSA revelations made executives:
NTT Communications (28 Mar 2014), “NSA after-shocks: How Snowden has changed ICT
decision-makers’ approach to the cloud,” http://nsaaftershocks.com/wp-content/themes/nsa/images/NTTC_Report_WEB.pdf.

Estimates of how much business:
Daniel Castro (5 Aug 2013), “How much will PRISM cost the U.S. cloud computing industry?”
Information Technology and Innovation Foundation, http://www.itif.org/publications/how-much-will-prism-cost-us-cloud-computing-industry.
Andrea Peterson (7 Aug 2013), “NSA snooping could cost U.S. tech companies $35 billion
over three years,”
Washington Post
, http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/07/nsa-snooping-could-cost-u-s-tech-companies-35-billion-over-three-years.