History, Security

EU Court: Holocaust Denial is not Protected Speech

Leave a comment

General Eisenhower wisely and famously wrote to General Marshal in 1945 that we need to protect the future by carefully documenting the past:

I made the [Buchenwald concentration camp in Thuringia, Germany] visit deliberately, in order to be in position to give first-hand evidence of these things if ever, in the future, there develops a tendency to charge these allegations merely to “propaganda.”

Presidential archive copy of a letter from General Eisenhower to General Marshall, April 15, 1945.

General Patton and others wrote similar records of disgust at what they saw, as well as concern with the German people’s ability to operate around and in these death camps as if genocide was just business as usual.

And now a smart ruling has been heard from the European Court of Human Rights that should have an immediate and serious impact to data platform safety regulation:

Pastoers’ argument that his statements were protected by Article 10, which protects freedom of expression, was “manifestly ill-founded,” given that he “had intentionally stated untruths in order to defame the Jews and the persecution that they had suffered,” the Strasbourg, France-based court ruled on Thursday. His complaint that he was denied a fair trial in Germany was also rejected by the ECHR.

Pastoers had given a speech a day after Holocaust Remembrance Day in 2010…

[…]

The tribunal said the German had deliberately obscured some of his remarks to try to get his message across more subtly.

“The impugned part had been inserted into the speech like ‘poison into a glass of water, hoping that it would not be detected immediately,’” the court said.

An example of hidden Nazi messages in daily communications is one of the most popular blog posts I’ve ever written. Detecting it isn’t the hard part.

Acting upon it has been the bigger issue, as Google, Twitter and Facebook executive management have repeatedly and intentionally declined to block poisonous speech. They operate a philosophically and historically misguided willingness to profit as Americans from dispensing known harms that seriously damage markets around the world.

For example, documented hate group FAIR in the last year alone has spent $934,000 on Twitter ads, $910,000 on Facebook ads, and $111,000 on Google/YouTube ads.

…founder, John Tanton, has expressed his wish that America remain a majority-white population: a goal to be achieved, presumably, by limiting the number of nonwhites who enter the country.

Another way of looking at this is Facebook records income from dispensing poison:

From May 2018, when Facebook began publishing its archive of political and social advertisements, to September 17, 2019, at least 38 hate groups and hate figures, or their political campaigns, paid Facebook nearly $1.6 million to run 4,921 sponsored ads. Some ads call undocumented immigration an “invasion.” Others claim that LGBTQ people are “evil.”

“This is an astounding amount of money that’s been allowed to be spent by hate groups,” Keegan Hankes, interim research director of SPLC’s Intelligence Project, told Sludge. “It reaches a lot of people with some very toxic ideologies. Obviously that’s incredibly worrisome, if not a little unsurprising given Facebook’s track record specifically around these ideologies.”

Even more to the point, Facebook has hired people into executive positions with intent to undermine democracy through dispensing misinformation:

Harbath is Facebook’s head of global elections policy. She literally worked for Rudy Giuliani. I can’t make this up.

And insider threats in data platforms who are virulently anti-democracy and who like to use hate dissemination and misinformation techniques are not something to be surprised about, as I presented at Kiwicon in 2016.

Hate groups flock towards technology positions, and attempt to insert or influence staff there, like criminal syndicates attracted to bank jobs.

History, Sailing, Security

When Can You Trust Cloud Providers?

Leave a comment
The Raft of the Medusa by Géricault depicts service provider incompetence of 1816: “Crazed, parched and starved, they slaughtered mutineers, ate their dead companions and killed the weakest”

Our first book detailed the infrastructure risks in cloud environments. It gave basic instructions for how to make it safe to build a cloud.

However, I realized right away that a second book would be necessary as I saw operations going awry. People offering data “services” in cloud environments were doing so unethically.

That’s why since 2013 I’ve been working on tangible, actionable solutions to problems in cloud environments like the impostor CISO, the immoral SRE, and the greedy CEO.

It has been a much harder book to write because The Realities of Securing Big Data crosses many functional lines in an organization from legal to engineering, sales to operations. A long-time coming now, it hopefully will clarify how and why things like this keep happening, as well as what exactly we can do about it:

We recently found that some email addresses and phone numbers provided for account security may have been used unintentionally for advertising purposes. This is no longer happening and we wanted to give you more clarity around the situation: https://help.twitter.com/en/information-and-ads

…and that led to everyone asking an obvious question.

You may remember a very similar incident last year and wonder why nobody at Twitter thought to test their systems to make sure they didn’t have the same security flaws as a safety laggard like Facebook.

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all.

Facebook and Twitter, after flashy high-profile CISO hires and lots of PR about privacy, both have sunken to terrible reputations. They rank towards the same levels as Wells Fargo in terms of customer confidence.

Facebook has experienced a tumultuous time due to privacy concerns and issues regarding election interference, ranked 94th. Wells Fargo ranked 96th. The Trump Organization ranked 98th, considered a “very poor” reputation.

The Drum says even the advertising industry is calling out Twitter for immorality and incompetence:

Neville Doyle, chief strategy officer at Town Square, suggested it was “enormously improbable” that Twitter ‘inadvertently’ improved its ad product with the sensitive data, and blasted the tech giant for being either “either immoral or incompetent”. Either way, he said, it was playing “fast and loose with users’ privacy”. Respected ad-tech and cybersecurity expert Dr Augustine Fou, who was previously chief digital officer at media agency Omnicom’s healthcare division, also branded Twitter’s announcement as “total chickenshit”. Last July, the Federal Trade Commission (FTC) fined Facebook $5bn for improperly handling user data, the largest fine ever imposed on company for violating consumers’ privacy.

The technology fixes ahead are more straightforward than you might imagine, as well as the management fixes.

In brief, you can trust a cloud provider when you can verify in detail a specific set of data boundaries and controls are in place, with transparency around staffing authorizations and experience related to delivering services. Over the years I’ve led many engineering teams to build exactly this, so I’m speaking from experience of what’s possible. I’ve stood in customer executive meetings to detail how controls work and why the system was designed to mitigate cloud insider threats, including executives at the highest levels.

You should be especially concerned if management lacks an open and public resume of prior steps taken over years to serve the privacy needs of others, let alone management that lacks the ability to deconstruct how their control architecture was built from the start to serve your best interests.

What has been hard, especially through the years of Amazon’s “predator bully” subscription model being worshiped by sales teams, is keeping safety oriented around helping others. Tech cultures in America tend to cultivate “leaders” that think of innovation as separation; having no way to relate to the people they are serving.

The tone now seems to be changing as disclosures are increasing and we’re seeing exposure of the wrong things done by people who wanted to serve others while being unable to relate to them. Hoarding other people’s assets for self-gain in a thinly-veiled spin to be their “service provider” should never have been the meaning of cloud.

Security

Study Details Racism in LAPD Traffic Stops

Leave a comment

Data in a new LA Times report (and posted to github) reveals that despite whites being found with contraband more often, blacks and latinos are stopped far more often to be searched.

…a black person in a vehicle was more than four times as likely to be searched by police as a white person, and a Latino was three times as likely.

Yet whites were found with drugs, weapons or other contraband in 20% of searches, compared with 17% for blacks and 16% for Latinos. The totals include both searches of the vehicles and pat-down searches of the occupants.

The analysis in the report indicates less evidence was used to prompt a search of latinos and blacks than whites. On top of that, after being stopped and searched, whites also saw better treatment and lower arrest rates.

Blacks and Latinos were more than three times as likely as whites to be removed from the vehicle and twice as likely to either be handcuffed or detained at the curb, the Times analysis found.

About 3% of blacks and Latinos stopped by the LAPD were arrested, compared with 2% of whites.

To put it another way, the city is 9% black yet 27% of people being searched are black; the city is 28% white, yet 18% of those being searched are white.

Security

US Administration Fights to Protect Human Trafficking and Disinformation Platforms

Leave a comment

The U.S. already has a reputation for its lax approach to infrastructure regulation that “encouraged the spread of disinformation and supported a powerful forum for harassment and bullying”.

Current occupants of the White House are taking that even further.

American infrastructure is said to be getting legal protections against accountability pushed on foreign trade deals, known as adding in Section 230.

Last year, Congress overwhelmingly approved a bill making it possible to sue online platforms for knowingly facilitating sex trafficking. Lawmakers have raised the prospect of creating additional carve-outs for the online sale of opioids. Critics of Section 230 say they are alarmed by the inclusion of its provisions in trade deals.

In other words despite representatives in U.S. government working to protect the world from clear and documented harms, the White House is headed in an opposite direction by trying to instead protect criminal behavior such as child trafficking operating in the U.S..

This relates directly to other recent news that the American cloud service providers often are abused by men operating them to victimize women and children around the world.

Studies repeatedly show “it’s disproportionately women who are targeted” using cloud services and enslaved.

Seventy-six percent of trafficked persons are girls and women and the Internet is now a major sales platform.

Epstein no longer being protected by powerful American men, found dead in his cell and quickly forgotten, may actually mean he was replaced by technology…and that’s why now it is being made untouchable instead of him.

By allowing lawsuits to proceed as one would normally expect, a court would be able to deliberate and find the right balance between freedoms of expression and clear cases of harm.

“The use of Twitter by the defendants to post allegedly defamatory statements cannot subject the plaintiff to the terms of use agreement and the forum selection clause as it would not subject a plaintiff who did not have a Twitter account to the terms of use agreement,” the ruling states.