Schneier on Security

echo • January 13, 2023 8:09 AM

Section three (Threat Models) is comprehensive on the surface but completely ignores political and administrative and social domains which are the biggest threat. Really, within the human rights and governance domain the documented threats are quite trivial and easily countered. They rarely if ever get through formal processes including formal evidence gathering and evaluation. Some very very sneaky people have tried it on but they have been rooted out and got rid of. The paper is correct to indicate the threats are none zero but I feel they are overstated.

Communities impacted by targeting often form their own informal networks including publishing information and links to good quality opinion and data, and in some cases know each other personally both online and offline. It’s extremely hard (read effectively impossible) for a bad actor to penetrate these networks. Various tools, including the abuse platforms themselves as well as specialist tools developed by the community operate silently in the background. I use these tools myself (although don’t rely on them) and know from experience they are extremely effective. If a red flag pops up in these tools there is currently a 90% chance I’ve already flagged them myself. Yes, someone could try to pollute these tools but reports are scrutinised manually by people who are expert in these domains and know what to look for even when a bad actor is skirting the line.

Any expert in the human rights domain has enough formal and informal knowledge, and can tell at a glance where a bad actor is pushing it no matter how cleverly they try to smarm their way past it. If in doubt some digging into the history and context will pull up anything questionable to the expert eye. When your life depends on it you learn very fast…

Politician agendas, media greed,and shady lobbyists with extremely deep pockets are the real threat. Over 90% of online hostile activity flows from this or is enabled by this or is encouraged by this. Of this 90% comes from a very very small number of persistent bad actors who overwhelm systems. Casual threats are more of an annoyance than anything else.

Social media is like unregulated money markets. There’s no effective standard with the big platforms which monopolise attention. A handful of bad actors can be concentrated by algorithms and move like a mob. There’s nothing new in this.

A hate campaign pushed by an overwhelming number of emails or letters no matter how carefully tailored doesn’t have the effect the authors of the report thinks it does.

The technology is a red herring. It’s suggesting more gold plating on top of more goldplating. It’s a good grift for those selling hardware and software and “security” and not addressing anything fundamental or what matters.

As for public trust in AI being diminished by bad behaviour I can assure readers from personal experience that cat calling and sexist remarks and cleverly disguised misogyny and gaslighting and even unsolicited d*ck pics are nothing new. I haven’t written off the entire human race because of this.

echo • January 13, 2023 9:53 AM

@Winter

This is why I suggest putting people and the usual well tested formal methods and genuine communities first. Putin and his ilk and even any careerist wannabe peddling gishgallop doesn’t survive ten seconds scrutiny. Apply this due diligence to every pinch point in any domain such as politics, the broad spectrum of administration, law, academia, the media both mainstream and alternative… Rollout across all levels with “best practice” being more than just lipservice and kicking the can down the road.

I know of at least one person in the human rights community who knows more than the usual job title experts and is in the final leg to getting their PhD to prove it. Their PhD work doesn’t tell anyone anything they didn’t know or suspect already but it’s useful insofar it’s formally documented and evidenced in one place. I remember seeing academic papers from a decade ago (and likely already a decade or more older back then) which set my radar twitching and this work digs behind the veil and provides evidence. That’s just one person and I’m thinking of just one single data point.

I know of bad actors who tried the academic route and it backfired on them.

People who tried to wriggle their way into UN committees on the back of academic “cred” have been busted.

Putin doesn’t bother me one bit. When one blow dried CNN desk jockey scratched their head at Putin and an ex NSA security analyst laughed at Putin it’s an indicator he’s getting nowhere. In fact only last night I watched a Youtube by one of the go-to academics for opinion on Russia when referring to the same topic he pointed out Putin was bullshitting. As for those headcases Bannon and toad face Farage to name but two professional attention seeking grifters…

The “firehouse” only works if you let it. That’s why editorial policies (including human rights criteria not loophole dodging nonsense), decent editors, and actual real journalism matter. Regulation and fitness to own an outlet are a thing too. Recruitment matters too as unless there’s a voice in the meeting nod along complacency can have too much influence. See also employment policies.

echo • January 13, 2023 12:33 PM

@Winter

Scrutiny by you, maybe. Not by the less educated, as has been shown time and again. Look at how many people still believe Putin’s tales about who shot down flight MH20.

True. The thing is all the not very bright journos et al get themselves red flagged too. Bad editors and bad media owners have a grip on the industry. Loopholes in regulation allow them to get away with it if they phrase things just so.

I watched two recap videos on the Ukraine war by two different outlets. One, I think, was by an ex diplomat.the other was a bigwig at a respectable think tank. My personal view was both got a little caught up in their excitement to the point where a nudge or two and they would have been ego polishing Putin and scaremongering the West into defeatism. Some of their opinion didn’t click with other expert and on the ground sources I follow. It would be easy, I suppose, for a none expert who wasn’t following close to the source updates to form an impression and be emotionally swayed or sucked in even if it was just a touch.

I have seen more overt ego polishing and doom mongering by people who professionally should know better which were not supported by the facts either historically or as new data arrived.

Emotional responses and emotional manipulation can often be overlooked at any stage of the information chain.

I had an online meeting with someone this year. It should have about building a lobbying and policy platform but I picked up something else was going on. Now instead of putting work into creating this they chummed certain names and now are they’re off doing the television studio circuit along with another known person in what might best be described as a pincer movement. They’re one trick ponies but good at what they do and aren’t phased by the flack they get. This is intensely annoying but then targeted action at a single point can have an effect and that’s the main thing. They’re good with the facts but there’s really a perception and emotional battle playing out.

It’s a few steps indirect but there’s also legal manoeuvring happening and it’s a small world. The people I mentioned know people who know people who are quietly peeling away at the armour of one high profile bad actor out there.

The thing is this action over here and that action over there don’t look connected but they are.

There is a Putin angle lurking away but Putin isn’t really a player in this space. I cannot think of a single measurable impact he’s had. At best he’s bandwagoning known bad actors and making a fool of himself. He only makes domestic inroads because of his authoritarian grip on law making and the media and the threat of FSB toughs knocking on people’s doors.

The MH20 thing is a bother, I agree, and wrapped up with Russian regime projecting and victimhood. But then Putin has no credibility due to the number of lies spraying out from the Kremlin, and his attempt to hold the developing nations to hostage and try and twist them into believing the victimhood narrative and blaming NATO/The West/UK-US didn’t work out as planned.

The world is very shitty at the moment but I’m hopeful.