Ethical Design in the Age of Artificial Intelligence


From Asimov’s laws of robotics to the present, people have wrestled with the ethics of decision-making processes for AIs. This seems urgent in an age of drones and robotics, but the greatest urgency is in the world of social media and information distillation.

The AI engines that work in drones and robots decide singular events – and when they fail, responses and repairs will be quick. The questions raised by failures to keep humans in the loop, or by how decisions are made in combat or in traffic, will all be answered over time, after events and failures occur.

However, our information aggregation and distillation AIs work behind the scenes in murky fashion, uncontrolled by user inputs, and they affect humanity’s entire direction now. It’s a scary world when whole populations become herdable or affected at once, and we don’t even understand the who, the how, or the why of these engines. This is why ethical design review is a must going forward.

You are Overdue to Convert to LED Lighting


If you haven’t yet replaced your incandescent and CFL lighting with LEDs, you are wasting money every single day that you postpone it. While the initial conversion investment is high, the energy savings are noticeable in your electric bills.
I converted a couple of years back, and there’s no way I will allow incandescent lights in my house anymore.

“The rapid adoption of LEDs in lighting marks one of the fastest technology shifts in human history,” Goldman Sachs stated in a new report.

I recommend that you shop carefully, because these bulbs are more expensive and because it’s likely that they will last 3-10 years. Getting halfway through your conversion and then deciding you want cool white instead of soft white is a big and costly mistake. The four main factors you want to consider when shopping:

  1. Lumens – this is a measure of how bright the light is; however, if you are more comfortable with wattage equivalence, most packaging will tell you what incandescent wattage the bulb is equivalent to. If you are converting from incandescent, then wattage equivalence is probably your best method for selecting the appropriate brightness (e.g. equivalent to 60 W, 75 W, 100 W, etc.).
  2. Kelvin – this is a measure of where the bulb falls on the color scale. Whether you select soft white (~2700 Kelvin) for its warm, incandescent look, cool white (~4100 Kelvin) for its whiter, brighter look, or go fully modern with daylight (~5000 – 6500 Kelvin) and its bright blue-white look, you want to get it right. While it’s possible to mix and match, the difference is noticeable where light pools from bulbs of different Kelvin ranges overlap. So if you do use different Kelvin bulbs, it’s best to keep them in separate rooms – e.g. daylight bulbs everywhere except in bedrooms, where you use soft white instead.

  3. Wattage used – try to get the light brightness and Kelvin range you want with the lowest watt usage. Reducing watts used to save money over time is exactly what this conversion is about.

  4. Manufacturer – there are lots of people making these bulbs now, but in my experience the no-name and off brands struggle with quality and consistency. Get a good brand, like GE, Sylvania, or FEIT.

Let’s talk a second about conversion strategies and other considerations. Some LEDs are flaky on dimmer switches, so make sure you get a dimmable LED bulb if that’s where it is going. Don’t expect a smooth dimming scale either; you only get two levels of brightness when you use a dimmer with LEDs.

If you are on a budget and can only afford to replace a couple of bulbs per paycheck, then start with your highest-wattage lighting applications first, balanced against the lights that are on the longest every day. The high-wattage offenders tend to be yard lights, garage/shop lights, basement lights, and kitchen lights – however, those usually aren’t the lights that you use the most. Replace the lights you use most first, then replace the rest in order from highest wattage to lowest.

Lastly, pay attention to socket or mount type – this is the type of fixture or socket size that the bulb fits into. Good luck on your replacement project!

Below is an article about the LED revolution and a link to 5 Charts at Think Progress to help you figure out why this is a good decision:

The accelerated deployment of light-emitting diode (LED) bulbs is on track to save U.S. consumers and businesses $20 billion a year in electricity costs within a decade, which would lower U.S. CO2 emissions by some 100 million metric tons a year! The growing global effort to speed up LED adoption could ultimately cut global energy costs and carbon pollution 5 times as much.

Currently the best LED bulbs cut electricity use by 85 percent compared to incandescent light bulbs and by 40 percent compared to fluorescent lights. By 2020, Goldman expects those savings to increase to over 90 percent and 50 percent respectively.

Let’s look at some key charts and facts that illustrate the LED lighting “miracle,” which is every bit as remarkable — and every bit as unheralded by the major media — as the solar miracle, the battery miracle, and the electric vehicle miracle.

More: 5 Charts That Illustrate The Remarkable LED Lighting Revolution

Nest’s Lost Opportunity


Ron Amadeo at Ars Technica outlines the sad path that Nest has taken since its acquisition by Alphabet/Google. It’s mostly a tale of lost opportunity: at this amazing moment the future of home control in the new Internet of Things world is being mapped, and the window is closing for those who want to be the main players determining the strategy and driving the direction.

With Amazon, Apple, and Microsoft all putting hubs forth, Google had to respond, and Nest really missed that boat. (Just as Microsoft missed an earlier Internet of Things opportunity years ago by not putting much into its Home Server efforts.)

We are at a huge convergence – now is when our cities and homes go automated, intelligent, robotic, and context aware. There’s a huge wave to ride there for able surfers, and Nest appears to have wiped out.

Facebook Biometric Snooping Called Illegal, by Lisa Klein

Noteworthy news on the privacy front:

By Lisa Klein, Courthouse News Service:

Facebook violated its users’ privacy to acquire the largest privately held stash of biometric face-recognition data in the world, a class action claims in Chancery Court.

Lead plaintiff Carlo Licata claims Facebook began violating the Illinois Biometric Information Privacy Act of 2008 in 2010, in a "purported attempt to make the process of tagging friends easier."

Through its "tag suggestions" program, Facebook scans all pictures uploaded by users and identifies any Facebook friends they may want to tag, according to the April 1 lawsuit in Cook County Court.

Facebook got its facial recognition technology from the Israeli company Face.com, which Facebook later bought. Face.com is not a party to the lawsuit.

via Courthouse News Service.

What are the Best Encryption Methods?

This is an aggregation of links to recommendations and standards for best encryption practices.

I wrote this back in 2013, but not much has changed for encryption-level standards – these are still the best sources I can find. So I’m reprinting an old post in the hope of propagating better information.

This question is getting asked a lot, and the answers you see out in the public sphere of the internet range from pathetically underwhelming to just plain wrong in some cases. So this is my attempt to point people in the right direction. When you do see people who know what they are talking about discussing security, the talk can turn towards holy wars or philosophical rabbit holes, or just become so overburdened with acronyms that a layman has to give up. So I’m going to point you to some concise and comprehensive web documents to help solve the problem.

Disclaimer: I’m not an authority, nor am I speaking for my employer, or any other group; this is entirely my own humble opinion.

You must use a combination of security protocols, practices, and standards to truly secure your data and network into the next decade. The brute-force hacking ability available to individuals has been greatly extended and enhanced in the past few years. By strapping together a high-powered computer and some high-powered video cards, hackers can have the power of one of yesteryear’s supercomputers in their hands without spending the equivalent of a small nation’s budget to get there. Everything, including the methods in the links I’m going to send you to, is theoretically hackable given enough computing horsepower and time. Your task is to make the time-and-horsepower curve too steep for hackers in the immediate future, and to persistently upgrade as these methods and standards evolve.

The first stop is Cisco and their Next Generation Encryption white paper. Pay attention to the tables in the document first – upgrading to the recommended Next Generation encryption levels is best, but where circumstance, budget, or hardware capacity prevents that, you should go to the “acceptable” levels, and if even that’s not possible, then at least try to meet the minimums in Appendix A at the bottom and add some controls to protect or mitigate your weakly encrypted data. Pay the most attention to tables one and two, which are pretty self-explanatory, and please read the caveats in the text: the heavier-overhead encryption methods can cause hardware and software processing overload if you don’t engineer for the right capacity. Also note that there’s an NSA paper linked if you need to see what’s needed for government encryption security.

Next stop is the National Institute of Standards & Technology PDF http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf – this document tells you what our best standards body thinks. At this link you will find many NIST PDFs on most security processes, recommendations, and standards that you might care about, including key generation and handling.

The next stop is the W3C – since so much of what we do is web-centric, it’s very important to make sure developers are securing data locally, through web encryption standards, and against cross-site vulnerabilities. If you are following modern web standards, then you’ll be using a bit of XML to share data, and you will find sub-links for encrypting XML as well as other protocols; and since it’s important to follow standards to prevent hacking, you should use the W3C validation tools against your pages regularly.

All of this is for naught, however, if you don’t layer your security – encryption is just one part of protecting data. You must also consider physical layers, process deterrents, and prevention of social engineering attacks. When all is said and done, remember that you must still be able to work – don’t make yourself so secure that you can’t.

Bruce Schneier’s Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Here’s a great Berkman panel discussing Bruce Schneier’s new book, which zig-zags back and forth on which is worse – big data or big government snooping.


via Bruce Schneier’s Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World – YouTube.

Microsoft Tells U.S.: The World’s Servers Are Not Yours for the Taking

Microsoft legal has a philosophy that local laws ought to apply to data — the only part that gets fuzzy under this approach is cloud data that is mirrored in multiple servers across multiple nations.

This discussion and case are highly important for the future of technology – if one country can by fiat demand that only country-of-origin laws apply to US companies doing business in foreign countries, what kind of reception and business can they expect? If your data is not secure when housed in US data farms, where will the data farms go? There will be lots of fallout from this case that could affect US employment. Right now businesses seek secure and stable locations with class A networks for their data farms – if we fall behind in laws protecting data, and in networks, we aren’t going to see many cloud farms built here.

The major market-share players for PaaS and SaaS cloud services are Amazon, Google, and Microsoft – if the NSA continues to take an “All your base are belong to us” approach, then that’s not going to continue.

Microsoft’s fight against the US position that it may search its overseas servers with a valid US warrant is getting nasty.

Microsoft, which is fighting a US warrant that it hand over e-mail to the US from its Ireland servers, wants the Obama administration to ponder a scenario where the “shoe is on the other foot.”

“Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany,” Microsoft said. “They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter’s box with a master key, rummage through it, and fax the private letters to the Stadtpolizei.”

In a Monday legal filing with the 2nd US Circuit Court of Appeals, Microsoft added that the US government would be outraged.

More: Microsoft Tells US: The World’s Servers Are Not Yours for the Taking

Also see, for in-depth coverage of these positions:

Brad Smith and Jonathan Zittrain on Privacy, Surveillance, and Rebuilding Trust in Tech | Noblesse Oblige

verizonamicus.pdf

applebriefinremicrosft.pdf

Brad Smith and Jonathan Zittrain on Privacy, Surveillance, and Rebuilding Trust in Tech

Some key concepts come up in this discussion of trust and corporate principles in the post-Snowden age of the internet. Pay attention to Microsoft’s conclusions on when to redirect government subpoenas and when to deny extraterritorial requests.

“…but secret courts with secret decisions are NOT part of the American legal tradition” — Brad Smith — Microsoft’s general counsel and executive vice president of Legal and Corporate Affairs on the need for reform of the FISA court.


Brad Smith and Jonathan Zittrain on Privacy, Surveillance, and Rebuilding Trust in Tech – YouTube.

Net Neutrality’s Biggest Fan: Justice Scalia

One of the key arguments in the Brand X case was that broadband providers didn’t just offer transmission but also packaged information services such as e-mail, and thus were information providers. However, you then have to ask what the essential difference is between voicemail and e-mail, other than media format.

It’s an important discussion, especially at this juncture; telephony has always been held to higher standards for stability and reliability than broadband. Now that broadband is consuming wired telephone service with VoIP and media conferencing services, it’s time to ask public safety questions like: shouldn’t broadband be at least as dependable as POTS was?

e.g. If the area power goes out and you have POTS, your phone will still work, because the infrastructure includes batteries, UPSs, and generators at strategic nodes to keep the phone system’s electric current available during power outages. If your cable goes out, you have no such system to keep your phone in service; indeed, if you want a battery for your cable modem, in most cases you have to ask. If the area power goes out, your phone dies if it’s over a broadband pipe.

Before net neutrality became a left-wing cause célèbre, it had an unlikely champion: U.S. Supreme Court Justice Antonin Scalia.

In 2005, Scalia in a dissent wrote that the Federal Communications Commission should classify broadband providers as a more heavily regulated Title II telecommunications service—a position in sync with a statement from President Barack Obama on Monday as well as with calls from groups such as Free Press and Consumers Union.

“After all is said and done, after all the regulatory cant has been translated, and the smoke of agency expertise blown away,” Scalia wrote in 2005, “it remains perfectly clear that someone who sells cable-modem service is ‘offering’ telecommunications.”

Justice Ruth Bader Ginsburg and since-retired Justice David Souter joined his dissent in National Cable & Telecommunications Association v. Brand X Internet Services.

via National Journal

If You Use SSL 3.0, it’s Time to Migrate Off

Google is getting ready to phase out SSL 3.0 in Chrome 39 due to its vulnerability to “man in the middle” attacks like those presented by POODLE.

If they are going there, then you need to move as well. While Google’s move will protect consumers using Chrome, it’s not going to help you if a hacker gets into your network using an old browser that allows a downgrade to SSL 3.x or lower, or to short keys, and your apps still accept that.

If you still allow old versions of SSL (Secure Sockets Layer, now superseded by TLS 1.2) to be used in your enterprise due to outdated applications or hardware deficiencies, then you need to migrate to TLS 1.2 and disallow insecure SSL 3.0 and lower connections that might still use short cryptographic keys. (SHA-256 or better is the current NIST recommendation; see the table on page 67.)

You also need to be very aware that several well-known web services and applications just one or two versions back sometimes come with older versions of SSL embedded in Apache Tomcat services. A good scanner such as Nessus will reveal that an insecure version of SSL is being used by Apache (or whatever) with shorter keys, but it won’t tell you which app is the culprit, so you are going to have to monitor the transactions to trace them back if you are not sure which one it is. This is especially true if your app vendor is not coming clean about it. Longer keys also take more server resources to encrypt/decrypt, so be prepared for a potential performance hit after you upgrade.
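One way to do that tracing from captured traffic, as an added example that is not from the original post: the script below parses the record-layer header and the version field of each ClientHello/ServerHello and reports which client still offers only SSL 3.0 and which server still negotiates it, so the offending application can be found. The sample records and IP addresses are constructed fixtures, not real captures.

```python
"""Flag SSL 3.0 handshakes in captured TLS records (added example).

Parses the record-layer header and the Hello message version of each
captured handshake record, so sessions that still negotiate SSLv3 can be
traced back to the client or server that produced them. Sample records
below are constructed, not real captures.
"""
import struct

SSLV3 = (3, 0)          # record/hello version bytes 0x03 0x00
HANDSHAKE = 22          # TLS record content type for handshake messages
CLIENT_HELLO, SERVER_HELLO = 1, 2


def parse_hello(record):
    """Return (hello_type, hello_version) for a ClientHello/ServerHello record."""
    if len(record) < 5:
        raise ValueError("record too short")
    content_type, major, minor, length = struct.unpack("!BBBH", record[:5])
    if content_type != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    if len(body) < 6 or body[0] not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a Hello message")
    # body[1:4] is the 24-bit handshake length; the version follows it
    return body[0], (body[4], body[5])


def classify(src, dst, record):
    """Return a finding dict for an SSLv3 Hello, or None if the version is newer."""
    hello_type, version = parse_hello(record)
    if version != SSLV3:
        return None
    if hello_type == SERVER_HELLO:   # server chose SSLv3: that server still allows it
        return {"issue": "server negotiated SSLv3", "server": src, "client": dst}
    return {"issue": "client offers at most SSLv3", "client": src, "server": dst}


def build_hello(hello_type, version):
    """Construct a minimal Hello record (test fixture, not a full handshake)."""
    rest = bytes(version) + b"\x00" * 32 + b"\x00"   # version, random, empty session id
    body = bytes([hello_type]) + len(rest).to_bytes(3, "big") + rest
    return struct.pack("!BBBH", HANDSHAKE, *version, len(body)) + body


# Constructed sample captures: (source, destination, record bytes)
SAMPLE_CAPTURES = [
    ("10.0.0.5", "10.0.0.20", build_hello(CLIENT_HELLO, (3, 3))),   # TLS 1.2, fine
    ("10.0.0.20", "10.0.0.5", build_hello(SERVER_HELLO, (3, 3))),
    ("10.0.0.7", "10.0.0.20", build_hello(CLIENT_HELLO, (3, 0))),   # legacy client
    ("10.0.0.21", "10.0.0.7", build_hello(SERVER_HELLO, (3, 0))),   # legacy server
]


def scan(captures):
    """Run classify over every capture, skipping records that are not Hellos."""
    findings = []
    for src, dst, record in captures:
        try:
            finding = classify(src, dst, record)
        except ValueError:
            continue
        if finding:
            findings.append(finding)
    return findings
```

Feed it the handshake records from a packet capture taken at the server and the source addresses in the findings point at the hosts, and therefore the apps, that still need upgrading.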

From Lucian Constantin at InfoWorld:

The decision comes after Google security researchers recently discovered a dangerous design flaw in SSL 3.0. Dubbed “POODLE,” the vulnerability allows a man-in-the-middle attacker to recover sensitive, plain text information like authentication cookies, from a HTTPS (HTTP Secure) connection encrypted with SSLv3.

Even though POODLE is the biggest security issue found in SSL 3.0 so far, it is not the protocol’s only weakness. SSL version 3 was designed in the mid-1990s and supports outdated cipher suites that are now considered insecure from a cryptographic standpoint.

HTTPS connections today typically use TLS (Transport Layer Security) versions 1.0, 1.1 or 1.2. However, many browsers and servers have retained their support for SSL 3.0 over the years — browsers to support secure connections with old servers and servers to support secure connections with old browsers.

More:

http://www.infoworld.com/article/2841961/applications/google-to-kill-off-ssl-30-in-chrome-40.html