State Election Officials Didn’t Know About Russian Hacking Threat Until They Read It in the News, Emails Show

Published by Anonymous (not verified) on Thu, 21/06/2018 - 3:18am

Voters across the country were shocked to learn last year, through the disclosure of a top-secret NSA document, details of an intricate plot by Russian military hackers to infiltrate American electoral systems. New emails obtained by The Intercept through public records requests illustrate the disturbing extent to which potential targets of the attack were caught unaware, having apparently remained in the dark alongside the voting public.

On June 5, 2017, The Intercept published a top-secret National Security Agency assessment that detailed and diagramed a Russian governmental plot to breach VR Systems, an e-voting vendor that makes poll book software used by several pivotal electoral battleground states, such as North Carolina and Virginia. The report attributed the scheme to the Russian General Staff Main Intelligence Directorate, or GRU. GRU’s plan, the NSA claimed, was to roll any success with VR Systems into a subsequent email attack against state voting officials across the country.

According to the documents obtained by The Intercept, officials in a handful of crucial swing states were completely unaware that GRU was trying to infiltrate their voting systems — for months and months after the election had taken place. Experts contacted by The Intercept decried a system in which overstretched state officials were in the dark about potential threats. A former official from the Department of Homeland Security told The Intercept on the condition of anonymity that warning about the potential attacks did not filter down to state-level officials in part because of complicated bureaucratic turf wars between the NSA, DHS, and local bodies — all of which were exacerbated because, for the NSA, transmitting word of the cyberattacks down the chain was “not a high priority issue.”

In North Carolina — which had reported widespread, glitchy disruptions on Election Day — key state voting officials clearly were never filled in on the details of the threat they had faced seven months prior. Rather, the officials learned the details in the news along with the rest of the public, without permission or authorization. These emails, obtained via public records request, underscore the total failure of the U.S. government to get information about imminent threats to election infrastructure to the people most affected, and raise the crucial question of why exactly it took roughly seven months for word of a credible attack against the integrity of American elections to reach the very people and systems under threat.

In a June 2017 email to members of North Carolina’s Mecklenburg County Board of Elections, Kimberly Strach, the executive director of the state’s Board of Elections and Ethics Enforcement, made it clear that reports that the county “could have been subject to outside interference during the 2016 general election” were unexpected. She also announced that the state was beginning an “investigation” to “determine if any interference occurred.”

A separate June 15 email from Mecklenburg Commissioner-at-Large Trevor Fuller to Director of Elections Michael Dickerson echoes this uncertainty: “I’d like to know your thoughts about the reporting that a voting system software company whose product that we use was hacked by the Russians,” Fuller asked. “Have we investigated whether this had any impact in Mecklenburg County?” Fuller responded that the county’s IT staff found no GRU emails in Mecklenburg inboxes.

That such investigations into an attempt to compromise a presidential election didn’t even begin until the summer after Election Day is cause for concern, said Susan Greenhalgh, a voting security expert and policy director at the National Election Defense Coalition, an advocacy group. “It’s very troubling,” Greenhalgh told The Intercept, that officials at the state and county levels “only felt compelled to investigate further after it was reported publicly.” Still, Greenhalgh added that she’s heard complaints of inadequate or untimely intelligence-sharing “again and again” from state election officials.

A spokesperson for North Carolina’s Ethics Board confirmed that it didn’t begin any investigation until after the NSA report was made public because the state’s voting officials were never informed of the GRU threat in advance. “At the time, the information-sharing was not as good as it is now,” this spokesperson added. “The State Board of Elections & Ethics Enforcement now has a great working relationship with our federal partners at the Department of Homeland Security.”

North Carolina wasn’t alone. In Virginia, another state that used VR Systems poll book software on Election Day, officials also appeared to be in the dark about what was revealed in the NSA report. On June 16, about a week after the NSA report was published, the Virginia Department of Elections’ Chief Information Officer Matthew Davis emailed the Department of Homeland Security “looking for some guidance” on the situation. “We are one of the states that uses VR Systems for electronic pollbooks,” Davis wrote. “Are there any steps that we need to be taking?” Given the particular nastiness of the malware that GRU hackers had tried to spread at the state level, if Davis or any of his colleagues had been successfully infected, they would have been rather far beyond the point of taking any protective “steps.” Nonetheless, Homeland Security didn’t have much to share, noting that the agency was still “working with partners to assess the intelligence and provide information out to you all.”

Even once news of the GRU attack arrived in Virginia, election officials remained unsure if they had even been victims — in a July 2017 email conversation between former Virginia Commissioner of Elections Edgardo Cortés and spokesperson Andrea Gaines, the two discussed how to respond to an Associated Press reporter asking if the state had been breached by the hackers. Gaines suggests telling the reporter that “there were no breaches discovered.” Cortés’s reply doesn’t inspire much confidence: “We need something a little broader … cause it’s more ‘as far as we know’ sort of situation.”

In a statement to The Intercept, the Virginia Department of Elections said it “continues to work with our local, state, and federal partners to ensure the safety and security of our electoral process,” but declined to answer specific questions about its knowledge of VR Systems or the GRU campaign. A Homeland Security spokesperson also declined to comment.

An email summary of a meeting between Virginia state election officials from that same week following the release of the NSA report also reflects a group caught unaware. The June 15, 2017 email, sent by Radford County Director of Elections Tracy Howard, told colleagues, “DO NOT be surprised if you get a call or visit from the FBI,” suggesting that such visits had not yet occurred.

At the federal level, those tasked with running American elections also seemed to be without vitally important information. On June 6, the day after the NSA report’s publication, the Election Assistance Commission issued an alert bulletin with a revealing title: “Following NSA document leak, EAC Issues Guidance and Recommendations.” The EAC attributed the alert not to federal intelligence or law enforcement agencies, but rather “to credible news reports that surfaced yesterday.”

Seven months after it mattered most, the EAC told election officials nationwide that “the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) are currently notifying the officials who were targeted by the attack and are coordinating the incident response.” The alert went on to provide simple, concrete steps that people could take to check if they were targeted or compromised by the GRU hackers, such as checking “email logs for emails from noreplyautomaticservice@gmail.com and vr.elections@gmail.com which were identified by the leaked NSA document as being the email addresses utilized by the attackers.”

Incredibly, the EAC went on to publicly promote the alert with a tweet hashtagged #RealityWinner, the name of the NSA analyst accused under the Espionage Act of releasing national security information, which other news organizations have connected to the document in the June 5 Intercept story (The Intercept has no knowledge of the source’s identity). Two days later, the copy of the alert posted to the EAC’s website was edited to remove any mention of the NSA report or its coverage in the press.

There’s nothing in any of the emails obtained by The Intercept indicating a coverup or evidence of deliberate negligence. Rather, the emails leave a startling impression that people around the country for whom this information would have been precious and vitally important to ensuring that GRU’s efforts fell flat were left uninformed. But a communications breakdown can be just as pernicious as any coverup.

A report published last month by the Senate Intelligence Committee, titled “Russian Targeting of Election Infrastructure During the 2016 Election,” said as much. The report noted that “although DHS provided warning to IT staff in the fall of 2016, notifications to state elections officials were delayed by nearly a year.” The report added, “Many state election officials reported hearing for the first time about the Russian attempts to scan and penetrate state systems from the press.” For this reason, “states understood that there was a cyber threat, but did not appreciate the scope, seriousness, or implications of the particular threat they were facing.”

The FBI did reportedly provide briefings to state officials in Florida, though according to the Tampa Bay Times, the warning was vague and came with a demand for continued secrecy. Leon County Elections Supervisor Ian Sancho told the Times that the FBI needed to practice “a little more openness and clarity.” He said, “In security and espionage, secrecy might be a great thing. In the area of elections, secrecy is a poison pill.”

That state-level election officials were left in the dark was no doubt caused, at least in part, by the legal and institutional complexity of sharing information gleaned by American foreign-facing spy agencies with domestic, state-level officials. So, too, is the intelligence community’s eternal unwillingness to share information outside its own ranks as a matter of principle, leaving municipalities in a position in which they must wait for information to gradually trickle down through protracted declassification processes. The NSA has the vast resources and expertise required to identify GRU hackers at work; suffice it to say that Mecklenburg County, North Carolina, does not.

Keeping federal intelligence siloed from the people who need it at the state level is perhaps only part of the problem, said Greenhalgh, the voting security expert. Greenhalgh said the silence after the spear-phishing attempt is “indicative of the lack of seriousness and urgency with which many election officials initially regarded this issue and the knee-jerk reaction from the vendors to sweep the possibility of hacking under the rug.”

Soon after it was made aware of the attack, on November 1, 2016, one of those vendors, VR Systems, issued a brief alert to state customers, warning against opening the suspicious attachment. But the initial warning contained no indication as to whether this was an example of a garden variety email scam or something more grave, only advice against opening the attached files, no matter who had attached them or why. At this very early point in the affair, VR couldn’t have known it was being targeted by the GRU or discerned exactly what malware was lurking in those files. Still, it wasn’t until June 2017 that the company provided election officials with a more comprehensive, three-page set of “Frequently Asked Questions” about the attack that reflected an understanding more sophisticated than a general warning not to click on a link or attachment.

Greenhalgh said both federal intelligence-hoarding and PR-minded vendors make for a poor security foundation. “In this case there was a vendor that played a critical role in the running of elections in several states and there was an attempt to compromise that vendor. And that information should be shared with the vendor and all of its customers, at a bare minimum,” Greenhalgh said. “You don’t need to be talking about classified signal intelligence to be able to share that basic information.” She added, of private-sector election systems contractors, that “the vendors are not forthcoming with the possibility of security breaches with their customers because they have financial disincentive to talk about that.”

A VR Systems spokesperson denied that the company was ever hacked, contrary to the NSA assessment that the company was “likely” breached by the GRU in some fashion in order for the hackers to prepare for targeting state election officials. The spokesperson added that after “turning the matter over to law enforcement” back in November 2016, the company “did not hear any more about it” until being contacted by The Intercept for comment prior to the publication of the NSA report.

According to a former Homeland Security official who spoke to The Intercept on the condition of anonymity because they were not authorized to speak to the media, the DHS would have liked to have given information about the GRU threat to states, but had been impeded by both the FBI and the NSA. “In the midst of the 2016 election,” the ex-official said, “there was difficulty getting information about what happened at VR Systems out of law enforcement, specifically the FBI.” The bureau refused to share its GRU findings with other federal agencies because “they were treating it as an open investigation” and therefore, off limits, the official said.

“We didn’t realize that there was a problem with VR Systems until the FBI decided to hold a phone call with a bunch of Florida election officials in the fall of 2016,” the former official continued. The DHS “didn’t know about that call until about 30 minutes” beforehand, they added, and even then was informed by a state election official — there was no formal heads-up from the FBI. The former official added that even within the FBI, there was a deep reluctance to share information about what had happened to VR Systems, with the Florida field office treating the investigation as a local criminal matter, and not something of national concern. (The FBI declined to comment for this story.)

As for the NSA, the DHS source told The Intercept that the American spy agency tasked with monitoring the whole of the internet was unaware of the GRU attack until “March or April,” months after the fact. (The NSA report itself cites information that “became available in April 2017.”) The NSA informed the DHS of its findings in “early May,” the ex-official said, but the intelligence was so heavily classified that it would’ve been illegal to share it with the election operators who needed it. The conundrum spurred Homeland Security to immediately request a “downgraded” version of the top-secret findings that could be passed on to state officials. “We were definitely pushing NSA to give that to us as fast as possible. Personally, I was extremely frustrated,” the source explained. “When we from a DHS perspective go to NSA and say, ‘Hey, we need to downgrade [this] information,’ it was not a high-priority issue.”

The former official described the situation as a battle over “turf” between intelligence and law enforcement agencies, confounded by the “FBI’s unwillingness to share” and the NSA’s reluctance to speedily declassify its findings. “That is an inherent rub,” the former official explained, “that the federal government has between its treatment of cybersecurity as a law enforcement problem” — which is the domain of the FBI — “and a network protection problem,” typically the NSA’s territory. Meanwhile, officials in Mecklenburg County and swing-state counties like it around the country were oblivious.

To Greenhalgh, a longtime election observer, there’s a simpler explanation: It’s easier to not think about how vulnerable these systems really are. To county governments on fixed budgets, it’s an administrative nightmare. To e-voting vendors, it’s poison PR. To spy agencies and law enforcement, it’s proprietary.

That unwillingness to see the depth and scope of the problem at hand — from those who would explain the whole crisis away as a misunderstanding, rather than reckoning with the fact that Russian hackers were able to effectively menace the American electronic voting system with an obviously bogus Gmail account — was put on display at an EAC meeting last spring. EAC convened the meeting at a riverside San Antonio hotel to discuss, among other issues of election integrity, how to counter the media “narrative” that American elections face an outsider threat. The solution to this threat was not to just concentrate on making elections safer from interference, according to a public transcript, but savvier public relations.

After showing meeting attendees a slide of headlines about election security issues, EAC Communications Director Brenda Bowser Soder suggested the fix was to out-media the media: “My frustration is, you and I both know, those are not the headlines that should be shaping perceptions of elections and their work moving forward.”

It would be months after Soder’s presentation on unfair media narratives before many state election officials learned this was more than just a narrative.

Top photo: An elderly couple reads a ballot prior to voting on Nov. 8, 2016, in Durham, N.C.

The post State Election Officials Didn’t Know About Russian Hacking Threat Until They Read It in the News, Emails Show appeared first on The Intercept.

Can #MeToo Change the Toxic Culture of Sexism and Harassment at Cybersecurity Conferences?

Published by Anonymous (not verified) on Tue, 19/06/2018 - 9:00pm

Camille Tuutti can’t remember all the times she’s been harassed. A prominent information technology journalist and editor, Tuutti feels that her friendly and outgoing personality — a necessity in her line of work — has often been misinterpreted by men in her field as an invitation for inappropriate behavior, especially at top cybersecurity conferences, where binge drinking is encouraged. Drunk men have often put their arms around her and her colleagues. She has been asked out “a million times.” Someone tried to kiss her the first time she met him.

This April, at RSA, a leading cybersecurity conference held in San Francisco, she was walking the showroom with a male colleague when a male stranger asked her what she was wearing to bed. She noticed, too, that vendors at the show assumed that she didn’t know what she was talking about and that her colleague did. And despite organizers’ previous attempts to implement a dress code, many of the booths featured “booth babes” — scantily clad models hired to attract men to vendors’ wares. “It was so tone-deaf, especially in 2018 and especially in the wake of #MeToo,” Tuutti said.

The casual sexism Tuutti encountered at RSA is not atypical of big-league hacker and cybersecurity conferences. While there are no precise statistics available about harassment at these events, anecdotal reports like Tuutti’s have been widespread and documented for years.

The Intercept spoke to nearly two dozen women across the industry who recounted experiences ranging from uncomfortable to traumatic at conferences such as Def Con and Black Hat, held each year in Las Vegas, and RSA, held worldwide. The women who spoke to The Intercept had encountered a variety of offenses, from suggestive commentary and drunken come-ons to groping and assault. Some of the women, among whom are renowned journalists, CEOs, diversity advocates, and hackers, said that even if their own status had shielded them from some of the worst behavior, they had all heard troubling stories from younger colleagues, peers, and friends.

Troubling new stories surface every conference season, said Kasha Gauthier, director in residence for Community Engagement at the Advanced Cyber Security Center, and yet little seems to change. Gauthier and others see the harassment at conferences as part of a systemic problem in the field of cybersecurity. “To me, it’s just even more of what I see in a boardroom,” she said.

“I know many women who have attended Def Con and have experienced some form of harassment,” said Chenxi Wang, a leading expert in cybersecurity. “A lot of women will tell you, ‘I just brush it off and do my own thing.’ That’s fine. But the question is, should we put young women through that? Should we tell them, ‘Oh just toughen up, this is the industry?’”

Even within the field of technology, which is known for its gender bias, cybersecurity remains a particularly striking example. At companies like Google and Facebook, women make up about 30 percent of employees — and there are notably fewer of them the higher up the ranks one goes. Cybersecurity is much worse. According to the widely cited Global Information Security Workforce study, women compose around 11 percent of the industry and, at every level, earn less than their male peers. More than half of women working in cybersecurity have reported discrimination.

The major cybersecurity conferences are more than just massive parties and prankish sideshows. The events are crucial for networking, talking to recruiters, and learning new skills. Sometimes conference presentations become news events themselves. In 2015, hackers at Def Con demonstrated that they could remotely take control of a Chrysler Jeep’s transmissions, leading the company to recall 1.4 million vehicles. Last year, the conference’s report from its Voting Machine Hacking Village sparked a national dialogue on the security vulnerabilities of electronic voting.

As the leading gatherings for key speakers and cutting-edge products, conferences set the tone for what the field can and should look like. All-male lineups of keynote speakers — which have recently been termed “manels,” rather than panels, on social media — are still a frequent occurrence, as they were this year at the RSA Conference. And even as event organizers claim that they are taking steps to address sexism and harassment, many women still perceive a general indifference to their complaints, which they say sends a message about what kind of behavior is considered appropriate.

“When it comes to conference season in Vegas, there’s all of this folklore about getting hurt and that people shouldn’t come,” said Jessy Irwin, head of security at Tendermint, a blockchain tech company. Irwin said she always goes to conferences with a pack of women and makes a point of ensuring that those who are new to the industry aren’t traveling alone.

In the months since #MeToo took off, women’s whispers about sexual harassment and abuse have been transformed into vocal demands for systemic change — in some cases, with material consequences. Not long before #MeToo began, so-called cybersecurity rock stars Jacob Appelbaum, a former developer at the Tor Project and WikiLeaks collaborator, and Morgan Marquis-Boire, a cybersecurity expert, were asked to resign from leadership positions following multiple allegations of sexual misconduct and rape. (Appelbaum has denied the allegations against him. Marquis-Boire admitted to rape and assault of multiple women in private messages with an acquaintance. Marquis-Boire was the director of security for First Look Media, The Intercept’s parent company, and sometimes a contributor at The Intercept. He left the company for unrelated reasons before the allegations against him came to light.)

Some women are hopeful that the growing legitimation of women’s experiences may pressure conference organizers to take more pointed and effective steps to address abusive behavior at their events. “I think people are more vocal after #MeToo and feel more inclined to speak up and speak out if they or somebody they know are experiencing harassment,” Wang noted.

Others, however, are more skeptical about the possibility of a culture change. “There’s been no reckoning that I’ve seen,” said Gauthier. “I think there should be, and I think women are having those discussions, but that’s not where money is and not where power is.” Some women told The Intercept that they are not willing to risk yet another season of harassment to find out whether anything feels safer. As women seem to be attending these events in decreasing numbers, there is one matter in which they are all in agreement: Change is impossible so long as the men in charge don’t step up to address the issue head-on.

Hackers examine a voting machine during Def Con, a gathering of information security professionals, in Las Vegas on July 28, 2017.

Photo: Mark Ovaska/Redux

Def Con, the world’s largest and most famous hacker conference, started in 1993 as a goodbye party for a hacker network. It has since grown and professionalized, drawing crowds of close to 22,000 people to a Las Vegas hotel every August. Celebrated computer security experts mingle with NSA agents and civil liberties lawyers. Attendees register by paying $250 in cash at the door. There are around nine men for every woman in attendance. Other conferences, such as RSA and Black Hat, have a more corporate vibe, charging registration fees over $2,000.

Women describe an overall conference culture that promotes a “what happens in Vegas stays in Vegas” mentality, with after-parties where attendees are encouraged to drink as much as possible. They explained that there are often few networking alternatives to the alcohol-heavy after-parties.

Take Def Con’s Hacker Jeopardy in 2016. The late-night game went viral on Twitter after a cybersecurity expert posted about a request that contestants guess the size of a porn star’s penis to within half an inch. Women dressed in skimpy clothing served beers to an all-male group of contestants. In the Double Jeopardy round, they removed pieces of clothing each time a contestant got a question right. The next day, after conference organizers heard about online pushback, they changed the rules so that contestants who answered correctly could have the choice between sending a donation to the Electronic Frontier Foundation or continuing to call for a woman to undress. Progress, in other words, has felt incremental.

Founders of these four conferences include both black-hat hackers, who work outside the industry, and sometimes outside the law, to expose flaws on their own, and white-hat hackers, who work within governments and corporations. Over the years, when faced with complaints, some organizers have responded by describing their events as harmless fun. Jeff Moss, the founder of both Def Con and Black Hat, has defended Hacker Jeopardy by appealing to tradition and the distinction, in his eyes, between “sexy” and “sexism.”

After Gauthier, a veteran infosec worker, heard about Hacker Jeopardy, she spoke to one of the workers at the conference for over an hour. “The answer that I got was that it was anybody’s choice to attend or not to attend, and can’t I lighten up because it’s good fun?” she said. “People don’t understand that as industry evolves, this is a professional environment, and this is not inclusive behavior.”

These problems are self-reinforcing: So long as conferences celebrate and reflect the sexist status quo of cybersecurity, expanding the ranks of women in the field will be a problem. Some conferences are reported to still feature more “booth babes” than actual female attendees. One woman remembered attending a conference with so few women that when she walked into the ladies’ room, she needed to turn the lights on. Another recalled entering the bathroom and seeing only booth babes in miniskirts and go-go boots.

And yet for years, some organizers have kicked the problem down the road. Instead of organizing the conferences to reflect a positive vision of what the field could be, they’ve defended their choices to have all-male keynotes by arguing that such talks are just a reflection of the way things are. A statement that RSA organizers released about their 2018 “manel” reads: “A diverse speaking program starts with increasing diversity within the technology sector, which needs to be addressed by the industry as a whole.”

The stakes for more inclusive representation are high. Women are leaving the technology sector in greater numbers than they are entering it. Computer science is one of the fastest-growing fields in the United States, and yet, every year since 1984, the number of women in technology in the U.S. has decreased. Attrition is typical. Forty-one percent of women quit the tech industry mid-career compared with just 11 percent of men, according to the National Center for Women & Information Technology. The cybersecurity industry has been projected to have 1.8 million unfilled jobs worldwide by 2022. To address this shortage, companies will need to recruit and retain women, the Global Information Security Workforce study found.

That may be easier said than done. When conferences exclude women speakers, they send a “clear message” that women are still not welcome in the security field, wrote Access Now, a nonprofit focused on human rights, about the keynote roster for the RSA Conference USA 2018. “This is a message that will be heard not only by the attendees but by organizers of other conferences that look to RSA Conference as a source for guidance,” the letter reads. “The bigger danger is that we could see this message — and the mindset behind it — reflected in hiring, development, and operational decisions across the sector.”

Audience members at the RSA Conference at San Francisco’s Moscone Center, March 1, 2016.

Photo: Jim Wilson/The New York Times/Redux

The absence of women at conferences only strengthens the self-serving perception for the majority-masculine field that there is a “pipeline problem” — that the reason there is a gender deficit is because there are simply no talented women to hire. It ignores the fact that talented women have already been pushed away.

Many women say the problem begins as early as recruiting. Cybersecurity classes use masculine language — militaristic talk of enemies, penetration tests. Partly emerging from army and intelligence communities, hackers can be prone to hazing and competitive one-upmanship, according to Sarah Clarke, a security adviser. “It’s a culture of just being mean to new people and needing to ‘prove yourself,’” Clarke said.

Rebecca Long, a software engineer and diversity advocate, says that it’s not a stretch to see a connection between the goals of hacking and its particular culture of harassment. “The whole idea of hacking is compromising someone’s system and having power and control over someone else’s computer or network,” she said. Some women have recommended that the field might seem more welcoming if it moved away from the adversarial language of warfare and instead, framed its goals as a matter of safety.

Women told The Intercept that the tacit norms of the industry can make it seem as though harassment is a problem of female sensitivities, rather than male behavior. The unspoken rule is that women must learn to shrug it off and accommodate themselves to inappropriate actions.

Many women interviewed said that the accumulation of minor incidents over the years leads to their dissatisfaction with — or departure from — the field. They recalled stories of inappropriate touching, lewd remarks, and business meetings leading to sexual propositions. Nearly every woman interviewed said that, at some point, they had been mistaken for a male conference-goer’s girlfriend, even if they were one of the keynote speakers. When not being singled out for sexual attention, they were ignored, dismissed, or asked where their boss was. Like many of the women who spoke to The Intercept, infosec researcher Sarah Lewis said it was not a single experience, but the buildup of small brush-offs that drove her away from industry conferences where she wasn’t being paid to speak. “Numerous times, I’ve been asked if the food is coming out. At conferences I’ve keynoted at, I’ve been asked if I was one of the student groups there. Most of the sexism I tend to see is people who mean well, but who have an assumption that I don’t have experience and I don’t belong,” she said.

“There are a lot of cases of overt hostility,” said Amie Stepanovich, who manages cybersecurity policy at Access Now. “I think what is more insidious sometimes are the less overt cases: These are conference sessions where there are people of color or women represented, but they aren’t asked many questions. Or audience questions are only accepted from men. It’s not always overt examples that drive people away. Oftentimes, it’s little things that send the message that people aren’t welcome.”

Many women don’t have the privilege of being able to choose whether to leave their jobs if and when harassment occurs. But when it comes to voluntary conferences, it’s not surprising that after years of experiencing such incidents, women have simply stopped showing up. Many told The Intercept that there were certain conferences they would never consider attending again because of their experiences there.

Yet while not showing up may be the safest and most sensible option for one’s personal well-being, it can put women at a disadvantage professionally. As the programmer and feminist activist Valerie Aurora has written, “When you say, ‘Women shouldn’t go to DEFCON if they don’t like it,’ you are saying that women shouldn’t have all of the opportunities that come with attending DEFCON: jobs, education, networking, book contracts, speaking opportunities — or else should be willing to undergo sexual harassment and assault to get access to them.”

In 2011, on the second night of Def Con, Emily Maxima, a programmer, and her wife, who does not work in infosec, were inside the Caesars Palace Hotel waiting for a DJ set, when a Def Con security guard — typically male and known as a “goon” in conference slang — asked them how their “bribe card” was going. Bribe cards are played like bingo: Attendees perform scavenger hunt favors for the goons in exchange for prizes. “I only had one hole punched in mine,” Maxima wrote on her blog years later. The goon turned to her and said: “‘We could punch ‘boobs’ for you.’ One of these volunteer security guards had literally just solicited to see my wife’s breasts right in front of me in exchange for a hole in my bribe card.” Maxima has not returned to Def Con since.

The Grace Hopper Celebration, a long-running conference named for a pioneering programmer, on Oct. 5, 2013.

Photo: AnitaB.org/Flickr

Women working across all sectors of technology have been fighting back against the field’s entrenched gender bias. In 2014, along with a few other female cybersecurity experts, Chenxi Wang started a social media campaign to ban booth babes. One year later, RSA instituted a dress code in response. Wang said it was a small victory: “They took a step in a positive direction, so we don’t see overt sexualized displays. Even though you still see the occasional booth babes, the overall tone of the show floor has become a lot more professional.”

In response to the booth babe ban, Deidre Diamond, a veteran technologist, was inspired to start a company called Brainbabe, which tackles sexism and the skills shortage in the industry at the same time by providing vendors with students from diverse backgrounds to work at booths.

Women in tech have their own gatherings — from the Grace Hopper Celebration, a long-running conference named for a pioneering programmer that draws around 18,000 people a year, 90 percent of them women, to Our Security Advocates Conference, or OURSA, founded this April in response to RSA’s sexist lineup. In 2016, women began to organize a special event known as TiaraCon, separate from Def Con’s main show, for networking, lock-picking (a popular conference extracurricular), and resume-writing. Year-round, groups like the Diana Initiative, Future Ada, and the Ada Initiative provide support for women in tech.

Leigh Honeywell, CEO of the anti-harassment technology startup Tall Poppy, has hosted a workshop in a Caesars Palace room apart from Def Con for the last four years known as “Ally Skills,” which teaches attendees how they can work to improve diversity in security. “There are folks in the field who do want to see it become a more hospitable place for underrepresented people, and I feel fortunate to be able to share tools and tactics for making that happen,” Honeywell explained in an email. The open source workshop, which was originally created by the Ada Initiative, teaches attendees the tools to call out misogyny and bias. Slides ask attendees to brainstorm how allies might respond to situations such as: “A woman you don’t know is standing near your all-male group at a conference in your field. The conference attendees are more than 90 percent men. She is alone and looks like she would rather be talking to people.”

But some women say that separate events, while valuable, do not force the main conference organizers to directly address gender bias. In fact, some say that such events reinforce the message that harassment is a problem for women to deal with on their own. Events that are separate cannot, by their very nature, be equal, Irwin said. While she is glad to have a focus on diversity, she said, “I don’t want the ‘girls’ version.’ I want the big stuff we do for everybody to already have diversity in it.”

Several women emphasized that until conference management puts the kind of allyship promoted by Honeywell and others at the center of their programming, it will be difficult to effect change. Men need to step up too, Diamond argued: “I tell men this all the time: They’re the ones who are going to solve the problem. There are nearly 90 percent of them. What I want to see is men calling out other men.”

One of the most successful and effective initiatives undertaken to change conference culture has been the development and implementation of written policies that explicitly ban harassment. As the Ada Initiative explains, the most effective policies publicly specify what kinds of behaviors are not acceptable, establish a reporting procedure with contact information for violations, and document how the staff will respond to reports.

In the last several years, responding in part to the organizing work of feminist technologists like those at the Ada Initiative, Def Con, RSA, and Black Hat have each instituted clear codes of conduct that prohibit harassment and reserve the right to expel and banish attendees engaging in unacceptable behavior. The latter two have the most detailed of the four conferences’ policies, spelling out the nature and scope of harassment prohibited.

Internet activist Jacob Appelbaum gives a keynote address in Berlin on June 5, 2014.

Photo: Britta Pedersen/picture-alliance/dpa/AP

Last year, Def Con became the first hacker con to provide a transparency report of incidents, which it posted online this month. According to the report, at the 2017 event, there were “7 harassment events,” including two people “banned for life for harassing women.” The report also noted that Appelbaum and Marquis-Boire were banned. (Even in its transparency report, the conference kept things a little tongue-in-cheek, noting that there were also “3 adorable dog reports.”)

Experts on anti-harassment policies say that the policies are still insufficient: They do not specify channels for anonymous reporting of incidents, give a deadline for how quickly the conference will respond to reports, or explain what happens if someone in the group charged with enforcement is accused of harassment.

It is also not clear whether the enforcement mechanisms in these codes of conduct prioritize the safety of those who have experienced abuse. “It’s been my personal experience that event staff are simply not equipped or qualified to be first responders on these issues,” explained Melanie Ensign, a press lead for Def Con and director of security at Uber, in an email. Outside of her official capacity at the conference, she has been working with experts in the community to expand resources available to survivors of assault.

Black Hat general manager Steve Wylie told The Intercept that the conference’s policy was developed in 2014 and continues to be a “live document.”

“Clearly our industry has some issues, and we’ve developed programs to highlight the issue,” Wylie said. The conference has been attempting to recruit and encourage more women to apply to speak; new diversity initiatives include partnerships with Queercon, a scholarship program for women, peer-to-peer mentoring, and a series of presentations that address human (rather than technical) issues.

RSA declined to respond to detailed questions for this story and sent a link to a blog post addressing this year’s controversy regarding speaker diversity. Def Con, which has not updated its code of conduct since 2015, wrote in an emailed statement: “We are committed to being proactive rather than reactive in the areas of representation and safety. This includes being available to hear all concerns, making it easy for attendees to share those concerns, and having a clearly defined, ongoing process for addressing those concerns. We’ve invested in a reorganization of our volunteer staff, new training, and the creation of an independent department for reporting incidents. … We will continue to do what hackers do — make changes, see what gets better, and iterate on the results.” For this year’s conference, the statement said, Def Con will be introducing a dedicated crisis support line that attendees could access by phone, text, or chat.

Jessy Irwin of Tendermint often feels surprise that in an industry that prides itself on finding patterns and addressing vulnerabilities, the response to decades of harassment has been slow-going. “How the hell can we claim to be good at our jobs at work when we can’t get any of the people in our communities to follow our best practices of knowledge?” she asked. “I want to see the response process get better. I don’t know how we can call ourselves experts at security if we can solve problems with code, but we can’t do it when it comes to people.”

The post Can #MeToo Change the Toxic Culture of Sexism and Harassment at Cybersecurity Conferences? appeared first on The Intercept.

Philosophers Appointed To High-Level Expert Group on Artificial Intelligence

Published by Anonymous (not verified) on Tue, 19/06/2018 - 1:04am in

The European Commission (EC), which proposes and administers European Union (EU) law and policy, has created a new High-Level Expert Group on Artificial Intelligence, the aim of which is to advise on the crafting and implementation of the EU’s strategy on artificial intelligence.

Among the 52 experts are several people who work in philosophy. They are:

  • Mark Coeckelbergh, Professor of Philosophy of Media and Technology at the Department of Philosophy of the University of Vienna
  • Luciano Floridi, Professor of Philosophy and Ethics of Information at the University of Oxford
  • Eric Hilgendorf, Professor of criminal law, criminal procedure and legal philosophy at the University of Würzburg
  • Thomas Metzinger, Professor of Theoretical Philosophy at the Johannes Gutenberg-Universität Mainz
  • Aimee van Wynsberghe, Assistant Professor in Ethics and Technology, TU Delft

The tasks of the group, according to the EC, are:

  1. Advise the Commission on next steps addressing AI-related mid to long-term challenges and opportunities through recommendations which will feed into the policy development process, the legislative evaluation process and the development of a next-generation digital strategy.
  2. Propose to the Commission draft AI ethics guidelines, covering issues such as fairness, safety, transparency, the future of work, democracy and more broadly the impact on the application of the Charter of Fundamental Rights, including privacy and personal data protection, dignity, consumer protection and non-discrimination
  3. Support the Commission on further engagement and outreach mechanisms to interact with a broader set of stakeholders in the context of the AI Alliance, share information and gather their input on the group’s and the Commission’s work.

You can read more about the group here.


Bubo the Mechanical Owl

 

The post Philosophers Appointed To High-Level Expert Group on Artificial Intelligence appeared first on Daily Nous.

Radio 4 Programme Tonight Wondering What Happened to Star Trek’s Optimistic Vision of the Future

Published by Anonymous (not verified) on Sat, 09/06/2018 - 6:07pm in

This is one for the Trekkers. On Radio 4 tonight at 8.00 pm, 9th June 2018, Dr. Kevin Fong will be presenting a programme on the Archive hour discussing what happened to the optimistic vision of the future in Star Trek. The blurb for it on page 189 of the Radio Times runs

8.00 Archive on 4: Star Trek – The Undiscovered Future

The first episode of Star Trek aired in 1966. Space medic and broadcaster Kevin Fong asks what happened to the progressive and optimistic vision of the future that the iconic television series promised him.

Mars as Communist Utopia in Pre-Revolutionary Russian SF

Published by Anonymous (not verified) on Fri, 08/06/2018 - 3:39am in

I thought this might interest all the SF fans out there. One of the books I’ve started reading is Lost Mars: The Golden Age of the Red Planet, edited by Mike Ashley (London: The British Library 2018). It’s a collection of SF stories written about the Red Planet from the 19th century to just before the Mariner and then Viking probes in the ’60s and ’70s showed that rather than being a living planet with canals, vegetation and civilised beings, it was a dead world more like the Moon. It’s a companion volume to another book of early SF stories from about the same period, Moonrise: The Golden Age of Lunar Adventures, also edited by Mike Ashley. The Martian book contains stories by H.G. Wells, Ray Bradbury – from The Martian Chronicles, natch – Marion Zimmer Bradley, E.C. Tubb, Walter M. Miller, and the great novelist of dystopias and bug-eyed psychopaths, J.G. Ballard. It also contains pieces by now all but forgotten Victorian and early Twentieth Century writers of Scientific Romances, W.S. Lach-Szyrma, George C. Wallis, P. Schuyler Miller and Stanley G. Weinbaum.

Both books are also interesting, not just for the short stories collected in them, but also for Ashley’s introduction, where he traces the literary history of stories about these worlds. In the case of the Moon, this goes all the way back to the Roman satirist, Lucian of Samosata, and his Vera Historia. This is a fantasy about a group of Roman sailors, whose ship is flung into space by a massive waterspout, to find themselves captured by a squadron of Vulturemen soldiers from the Moon, who are planning an invasion of the Sun.

The history of literary speculation about Mars and Martian civilisation is no less interesting, but somewhat shorter. It really only begins in the late 19th century, when telescopes had been developed capable of showing some details of the Martian surface, and in particular the canali, which the Italian astronomer Schiaparelli believed he had seen. The Italian word can mean ‘channels’ as well as ‘canals’, and Schiaparelli himself did not describe them as artificial. Nevertheless, other astronomers, like Percival Lowell of Flagstaff, Arizona, believed they were. Other astronomers were far more sceptical, but this set off the wave of novels and short stories set on an inhabited Mars, like Edgar Rice Burroughs’ famous John Carter stories. I remember the Marvel adaptation of some of these, or at least using the same character, which appeared as backing stories in the Star Wars comic way back in the 1970s.

It’s also interesting, and to contemporary readers somewhat strange, that before H.G. Wells’ War of the Worlds, the vast majority of these stories about Mars assumed that the Martians would not only be far more scientifically and technologically advanced, but they would also be more socially and spiritually advanced as well. Just like the Aetherius Society, a UFO new religious movement founded by George King in the 1950s, claims that Jesus was really a Venusian, and now lives on that world along with Aetherius, the being from whom they believe they receive telepathic messages, so there were a couple of short stories in which Christ was a Martian. These were Charles Cole’s Visitors From Mars, of 1901, and Wallace Dowding’s The Man From Mars of 1910.

Other utopias set on the Red Planet were more secular. In Unveiling a Parallel, by Alice Ilgenfritz Jones and Ella Merchant, of 1893, the Martians are handsome and intelligent, and their women totally liberated. Another feminist utopia was also depicted by the Australian writer Mary Moore-Bentley in her A Woman of Mars of 1901.

And in Russia, the writer Alexander Bogdanov made Mars a Communist utopia. Ashley writes

While the planetary romance theme was developing there were other explorations of Martian culture. The Red Planet became an obvious setting for a communist state in Krasnaia Zvesda (‘Red Star’, 1908) and its sequel Inzhener Menni (‘Engineer Menni’, 1912) by Alexander Bogdanov. Although reasonably well known in Russia, especially at the time of the revolution in 1917, and notoriously because of its reference to free love on Mars, it was not translated into English until 1984. Kim Stanley Robinson claimed it served as an influence for his own novel, Red Mars (1992), the first of his trilogy about terraforming the planet. Although the emphasis in Bogdanov’s stories is on the benefits of socialism, he took trouble to make the science as realistic as possible. The egg-shaped rocket to Mars is powered by atomic energy. His Mars is Schiaparellian, with canals that have forests planted along their full length, explaining why they are visible from Earth. He also went to great lengths to explain how the topography of Mars, and the fact that it was twice as old as Earth, allowed social evolution to develop gradually and more effectively, with planet-wide communication and thus a single language. (Pp. 11-12).

So five years before the Revolution, Mars really was the ‘Red Planet’ in Russian literature. I’m not surprised it wasn’t translated into English until the 1980s. British publishers and censors probably disliked it as a piece of Communist propaganda, quite apart from Anglophone western Puritanism and the whole issue of free love. No naughtiness allowed on this side of the Iron Curtain, not even when it’s set on Mars. Russian cinema also produced one of the first SF films, also set on Mars. This was Aelita (1922), in which Russian cosmonauts travel to the Red Planet to start a revolution, though at the end it’s revealed that it’s all been a dream.

Meanwhile, Mars as a planet of mystery continues in the French SF series, Missions, shown at 10.00 Thursdays on BBC 4. This has French spationauts and their American rivals landing on the Red Planet, only to find a mysterious altar constructed from lost Atlantean materials described by the Romans, and Vladimir Komarov, a Soviet cosmonaut, who has been turned into something more than human with three strands of DNA. In reality, Komarov died when the parachutes on his spacecraft failed to open when it re-entered the Earth’s atmosphere. Tragically, Komarov knew it was a deathtrap, but went anyway because Khrushchev wanted another Russian space achievement to show up the Americans, and Komarov did not want his friend, and first man in space, Yuri Gagarin to go. It’s a tragic, shameful waste of human life on what was a purely political stunt, and Komarov is, because of his desire to save his friend, one of the great heroes of the space age.

But Missions shows not only how much people really want us to travel to Mars – to explore and colonise – it also shows how the Red Planet still remains the source of wonder and speculation about alien civilisations, civilisations that may not be hostile monsters intent on invading the Earth ‘for no very good reason’, as Douglas Adams described the motives of those aliens, who wanted to take over the universe in The Hitch-Hiker’s Guide to the Galaxy. One of the French spationauts, Jeanne, has dreamed of going to Mars since being shown it through a telescope by her father when she was a little girl. Electromagnetic scans of the area, when developed, give a picture of her face, and ‘Komarov’ tells her he has been waiting millions of years for her, and she is the true link between Mars and Earth.

Yes, it’s weird. But different. And it shows that Mars is continuing to inspire other forms of SF, where the Martians aren’t invaders – or at least, not so far – but benevolent guides waiting for us to come to them and make the next leap in our development. Just like Bogdanov in 1912 imagined that they would be ahead of us, and so have created a true Communist utopia.

#1403; The Sincerest Form of Fakery

Published by Anonymous (not verified) on Wed, 06/06/2018 - 3:00pm in

''Amazing! Where do you get your ideas?'' ''I guess Rotterdam?''


Google Won’t Renew Its Drone AI Contract, But It May Still Sign Future Military AI Contracts

Published by Anonymous (not verified) on Sat, 02/06/2018 - 5:24am in

Google executives announced to company staff this morning that the tech giant won’t renew its contract to work on Project Maven, the controversial Pentagon program designed to provide the military with artificial intelligence technology used to help drone operators identify images on the battlefield. Google will continue work on the project through March 2019, according to multiple people with knowledge of the announcement, but once the 18-month contract concludes, it will not be renewed.

The company, however, has not committed to forego signing other military contracts dealing with artificial intelligence, according to multiple people with knowledge of the decision. Google declined to comment for this story.

The announcement was made by Diane Greene, chief executive of Google’s cloud business, at a Friday morning all-hands briefing for the Google Cloud team, which is known internally as the “weather report.”

Google faced growing pressure since the contract was revealed by Gizmodo and The Intercept in March. Nearly a dozen employees resigned in protest, and several thousand signed an open letter declaring that “Google should not be in the business of war.” More than 700 academics also signed a letter demanding that “Google terminate its contract with the DoD, and that Google and its parent company Alphabet commit not to develop military technologies and not to use the personal data that they collect for military purposes.”

The Defense Department has hoped to harness the latest advancements from Silicon Valley. The Defense Innovation Board, an arm of the Pentagon that makes technological recommendations, declared that winning the global race to adopt artificial intelligence was as important as “nuclear weapons in the 1940s and with precision-guided weapons and stealth technology afterward.”

Project Maven was the military’s first major effort to collaborate with tech firms to deploy AI technology. The program was launched last year. In the bidding process, companies were asked to help devise a machine learning technology that could help drone analysts interpret the vast image data vacuumed up from the military’s fleet of 1,100 drones to better target bombing strikes against the Islamic State.

Google, which has maintained a close relationship with the Defense Innovation Board through former Alphabet Chair Eric Schmidt, who serves on the board, quietly won the contract last September.

The company had sought to conceal the contract through a third-party contractor known as ECS Federal, a company in Virginia. But when news broke, Google began working to calm the nerves of employees and outside critics. Many observers noted that Google had previously disavowed military work and had once embraced the slogan “Don’t Be Evil” as its corporate ethos.

The news of Google’s announcement was first reported by Gizmodo. On Thursday, The Intercept revealed new details about the contract. While Google executives had attempted to downplay the Pentagon program as a mere $9 million contract, the company in fact expected the Project Maven work to balloon into generating $250 million a year.

Top photo: Google’s headquarters in Mountain View, Calif., on April 21, 2018.

The post Google Won’t Renew Its Drone AI Contract, But It May Still Sign Future Military AI Contracts appeared first on The Intercept.

Here’s the Email Russian Hackers Used to Try to Break Into State Voting Systems

Published by Anonymous (not verified) on Sat, 02/06/2018 - 2:20am in

Just days before the 2016 presidential election, hackers identified by the National Security Agency as working for Russia attempted to breach American voting systems. Among their specific targets were the computers of state voting officials, which they had hoped to compromise with malware-laden emails, according to an intelligence report published previously by The Intercept.

Now we know what those emails looked like.

An image of the malicious email, provided to The Intercept in response to a public records request in North Carolina, reveals precisely how hackers, who the NSA believed were working for Russian military intelligence, impersonated a Florida-based e-voting vendor and attempted to trick its customers into opening malware-packed Microsoft Word files.

The screenshot, shown below, confirms NSA reporting that the email purported to originate from the vendor, Tallahassee-based VR Systems, but was sent from a Gmail account, which could have easily tricked less scrupulous users. “Emails from VR Systems will never come from an ‘@gmail.com’ email address,” the company warned in a November 1, 2016 security alert, which included a reproduction of the GRU email.

The specific Gmail address shown in the message, vrelections@gmail.com, matches an address cited in the NSA report as having been created by Russian government hackers, although in the NSA report the address was rendered with a period, as “vr.elections@gmail.com.” The timing of VR Systems’ security alert is also in line with the NSA’s reporting, which indicated that the email attack occurred on either October 31 or November 1 of 2016. The original classified NSA document contained intelligence assessments, but omitted any raw signals intelligence used to form those assessments.

In addition to having arrived from a Gmail account, rather than an actual VR Systems address, the attacker also appears to have slipped up and used the British spelling of “modernized” in the email’s body. But to a state election official reading quickly in the frantic period before a presidential election, without an eye open for the hallmarks of a phishing attack and accustomed to such emails from VR, the message could have had disastrous and completely unexpected consequences. North Carolina experienced a variety of widely-reported software glitches on Election Day in 2016.

Jake Williams, founder of the cybersecurity firm Rendition Infosec and a former NSA hacker, told The Intercept that there appeared to be “nothing very sophisticated” about the email attack, which he said is ironically part of the playbook of a “more advanced” attacker. A visually simple message would have helped the attackers “blend into the noise,” said Williams.

As indicated in the NSA report, the attached Word documents, posing as documentation for VR Systems software, would have invisibly downloaded a malware package that could have provided the attacker with remote control over a target’s computer. The report further indicated that the malware-spiked documents actually did contain legitimate “detailed instruction on how to configure EViD [voting] software on Microsoft Windows machines,” suggesting that if a state elections official had opened the attachments, they might not have had immediate cause for concern.

Williams said the use of “.docm” file extensions on the Word documents should have been “very suspicious” on its own, as using such an extension allows code in the file to run automatically. He also said the use of recycled malware “increases the chance of detection a little, but also decreases the chance of correct attribution a lot.”
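The two warning signs described above, a vendor's name on a message sent from a free webmail domain and a macro-enabled Word attachment, can be checked mechanically at a mail gateway. The Python below is an added example, not part of the original article or of any tool it mentions; the vendor domain `vendor.example`, the rule names, the attachment filenames and the sample messages are constructed assumptions. It goes one step beyond the extension check by also looking inside the attachment for an embedded VBA project, which catches a macro file that has been renamed to `.docx`.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".pptm")
# Assumption: display-name fragment -> domain the vendor really sends from.
# "vendor.example" is a placeholder, not VR Systems' actual mail domain.
TRUSTED_VENDORS = {"vr systems": "vendor.example"}


def has_vba_project(data):
    """True if the bytes are an OOXML (zip) container holding a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip at all, so not an OOXML document


def triage(raw):
    """Return the sorted rule names that fire for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    hits = set()
    # Rule 1: the display name claims a known vendor, the address does not match.
    for name, real_domain in TRUSTED_VENDORS.items():
        if name in display.lower() and domain != real_domain:
            hits.add("vendor-name-from-foreign-domain")
            if domain in FREEMAIL_DOMAINS:
                hits.add("vendor-name-from-freemail")
    # Rule 2: macro-capable attachment, judged by name and by content.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(MACRO_EXTENSIONS):
            hits.add("macro-enabled-extension")
        if has_vba_project(part.get_payload(decode=True) or b""):
            hits.add("vba-project-in-attachment")
    return sorted(hits)


def build_sample(sender, filename, with_macro):
    """Build a constructed test message; the attachment holds no real macro code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "official@county.example"
    msg["Subject"] = "Constructed sample message"
    msg.set_content("Constructed body text for the example.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        "spoofed sender, .docm": build_sample(
            "VR Systems <vrelections@gmail.com>", "constructed-guide.docm", True),
        "vendor domain, renamed macro file": build_sample(
            "VR Systems <support@vendor.example>", "constructed-guide.docx", True),
        "vendor domain, plain .docx": build_sample(
            "VR Systems <support@vendor.example>", "constructed-guide.docx", False),
    }
    for label, raw in samples.items():
        print(f"{label}: {triage(raw) or 'no findings'}")
```

The `From` header alone is trivially forgeable, so in practice a display-name rule like this sits alongside SPF, DKIM and DMARC results rather than replacing them.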

Williams also noted that VR Systems claimed in their email security alert that they didn’t know the “potential impact” of opening these attachments, even as it was warning customers against doing so. “Why not?” Williams wonders. “Did they follow up with customers after they found out what the impact was, or did they just drop it?”

VR Systems COO Ben Martin told The Intercept that following the attack, the company “hired a leading threat intelligence firm, which conducted a byte-by-byte analysis of our systems and found no indications that our system had been breached as a result of this spear phishing attack.” As of today, however, the company said that “the impact of clicking on the attachment is unknown to VR Systems.” Martin continued:

When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified our customers by email and advised them not to click on the attachment. Most election officials have security systems in place that would have flagged the email before it even reached the intended recipient. After we notified our customers of the potential threat, most told us that their spam filter caught the email or that they had never received it. We are only aware of a small number of our customers who actually received the fraudulent email and of those, none of them notified us that they clicked on the attachment or were compromised as a result.

Still, Martin noted that VR isn’t aware of every recipient of the malware message, which would make an accounting of its impact difficult, if not impossible.

The company provided voter registration and poll book software to eight states in 2016. Its November 1 alert about an email threat was later provided to an elections official named Michael Dickerson in Mecklenburg County, North Carolina and forwarded to The Intercept by the county in response to its public records request.

Mecklenburg includes Charlotte, North Carolina’s largest city, but it was Durham that became a flash point for electronic voting glitches in 2016, which led the state Board of Elections to extend voting time in eight Durham County precincts on election night. The NSA report concluded that it was “unknown” whether Russian military intelligence “was able to successfully compromise any of the entities targeted as part of [its] campaign,” and no known intelligence has linked the North Carolina glitches to Russian hacking, although the New York Times reported in September that neither federal agencies, nor those in states reportedly targeted by the hackers, had done much to investigate the issue. In May, the Senate Intelligence Committee reported that in a “small number” of states, hackers broke into election computers and could change registration data, but not votes.

Top photo: A poll worker gives a voter a Las Vegas Strip-themed “I Voted” sticker after taking back her voter activation card at a polling station in North Las Vegas, Nevada, on Nov. 8, 2016.

The post Here’s the Email Russian Hackers Used to Try to Break Into State Voting Systems appeared first on The Intercept.

Leaked Emails Show Google Expected Lucrative Military Drone AI Work to Grow Exponentially

Published by Anonymous (not verified) on Fri, 01/06/2018 - 11:36am in

Following the revelation in March that Google had secretly signed an agreement with the Pentagon to provide cutting-edge artificial intelligence technology for drone warfare, the company faced an internal revolt. About a dozen Google employees have resigned in protest and thousands have signed a petition calling for an end to the contract. The endeavor, code-named Project Maven by the military, is designed to help drone operators recognize images captured on the battlefield.

Google has sought to quash the internal dissent in conversations with employees. Diane Greene, the chief executive of Google’s cloud business unit, speaking at a company town hall meeting following the revelations, claimed that the contract was “only” for $9 million, according to the New York Times, a relatively minor project for such a large company.

Internal company emails obtained by The Intercept tell a different story. The September emails show that Google’s business development arm expected the military drone artificial intelligence revenue to ramp up from an initial $15 million to an eventual $250 million per year.

In fact, one month after news of the contract broke, the Pentagon allocated an additional $100 million to Project Maven.

The internal Google email chain also notes that several big tech players competed to win the Project Maven contract. Other tech firms such as Amazon were in the running, one Google executive involved in negotiations wrote. (Amazon did not respond to a request for comment.) Rather than serving solely as a minor experiment for the military, Google executives on the thread stated that Project Maven was “directly related” to a major cloud computing contract worth billions of dollars that other Silicon Valley firms are competing to win.

The emails further note that Amazon Web Services, the cloud computing arm of Amazon, “has some work loads” related to Project Maven.

Jane Hynes, a spokesperson for Google Cloud, emailed The Intercept to say that the company stands by the statement given to the New York Times this week that “the new artificial intelligence principles under development precluded the use of A.I. in weaponry.” Hynes declined to comment further on the emails obtained by The Intercept. 

The September email chain discussing the recently inked deal included Scott Frohman and Aileen Black, two members of Google’s defense sales team, along with Dr. Fei-Fei Li, the head scientist at Google Cloud, as well as members of the communications team.

Black provided a summary of the Project Maven deal, which she described as a “5-month long race among AI heavyweights” in the tech industry. “Total deal $25-$30M, $15M to Google over the next 18 months,” she wrote. “As the program grows expect spend is budgeted at 250 M per year. This program is directly related to the Sept 13 memo about moving DOD aggressively to the cloud I sent last week.”

The September 13 memo sent by Black was not included in the emails obtained by The Intercept. It appears to be a reference to the Joint Enterprise Defense Infrastructure, a contract worth $10 billion over 10 years, a project that Google has expressed an interest in obtaining. The JEDI program was announced on September 12.

The project had finally come together and was moving along rapidly, Black wrote. The Pentagon was “really fast tracking” Google’s cloud security certification, a development she called “priceless.”

The Google executives discussed the potential for a public relations fiasco from the Project Maven contract. Whether or not to reveal the deal was a point of concern.

“This is red meat to the media to find all ways to damage Google. You probably heard Elon Musk and his comment about AI causing WW3,” wrote Fei-Fei.

“I don’t know what would happen if the media starts picking up a theme that Google is secretly building AI weapons or AI technologies to enable weapons for the Defense industry,” she continued. “Google Cloud has been building our theme on Democratizing AI in 2017, and Diane and I have been talking about Humanistic AI for enterprise. I’d be super careful to protect these very positive images.”

The Google team noted that it has no press plan for the rollout of the contract and agreed that the company should work to set the “narrative” as quickly as possible. The “buzz” generated by the contract could be a positive, Black suggested.

The government sales team noted that Project Maven had been concealed through a contract awarded to ECS Federal, an arrangement first reported by The Intercept.

“The contract is not direct with Google but through a partner (ECS) and we have terms that prevent press releases from happening without our mutual consent,” wrote Black. The Defense Department “will not say anything about Google without our approval.”

Despite the secrecy, Black cautioned that news will eventually leak and that information about the contracting process could be obtained by the public through the Freedom of Information Act. Google’s involvement with Project Maven “will eventually get out,” Black warned. “Wouldn’t it be best to have it released on our terms?”

The project, however, was never announced publicly until news broke in March 2018.

An internal work timeline about Project Maven, also obtained by The Intercept, provides a window into the quick progression of the contract.

On October 27, 2017, a team from Google Cloud visited Beale Air Force Base — a major hub for drone pilots — to “meet operational users (Air Force data analysts) who will be the end users of our technology, and primary testers starting June 2018.”

The previous week, Lt. Gen. John N.T. “Jack” Shanahan, who helped spearhead Project Maven, visited Google’s Advanced Solutions Lab to meet with 50 members of the team working on the project. Shanahan declared that “nothing in DoD should ever be fielded going forward without a built-in AI capability,” according to the timeline.

The timeline describes how Google engineers were continually working with the military to improve the product, including the user interface. “While the initial core technology focus will remain detection, classification, and (limited) tracking of certain classes of objects, we are considering how to address customers’ concern regarding more challenging use-cases that solve user’s real problems,” the document notes.

Top photo: A U.S. Air Force MQ-1B Predator unmanned aerial vehicle carrying a Hellfire missile flies over an air base after a mission in the Persian Gulf region on Jan. 7, 2016.

The post Leaked Emails Show Google Expected Lucrative Military Drone AI Work to Grow Exponentially appeared first on The Intercept.

PhilPeople Launches (guest post by David Bourget & David Chalmers)

Published by Anonymous (not verified) on Fri, 01/06/2018 - 8:14am in

The following is a guest post* by David Bourget (Western) and David Chalmers (NYU), the co-directors of the PhilPapers Foundation, which has brought you the bibliographic database PhilPapers, the online philosophical archive PhilArchive, the philosophy events calendar PhilEvents, and now, the professional networking tool PhilPeople (previously).

PhilPeople Launches
by David Bourget and David Chalmers

We’re pleased to announce the public beta testing launch of PhilPeople, a directory and social network for philosophers developed by the PhilPapers Foundation with support from the American Philosophical Association.

PhilPeople is an extension of PhilPapers. The core of PhilPeople is a database of professional philosophers which complements and works together with the database of philosophical works that is at the core of PhilPapers. PhilPeople has also become the locus of user profiles and social features previously on PhilPapers, with numerous new features added.

The key features of PhilPeople include:

  1. A powerful search engine for searching PhilPeople’s database of philosophers based on topics, location, demographics, and other criteria. This will enable conference organizers, researchers, and others to search for philosophers meeting various criteria.
  2. A comprehensive directory of departments offering an array of department-wide statistics.
  3. Personalized profiles for every philosopher, including customizable publication lists and graphical elements.
  4. The news feed, a social networking system that allows you to follow the publications, appointments, updates, paper recommendations, blog posts, and other activities of philosophers.
  5. The radar, a tool to discover people traveling near you, and for announcing your own travels.
  6. A discussion sessions feature allowing you to share a paper for discussion among as many or as few people as you want, with extensive on-screen commenting and group discussion features.

At the moment, the PhilPeople database includes all registered users of PhilPapers and many other philosophers for whom we have included information from PhilPapers works and from institutional websites. We estimate that well over 80% of academic philosophers in Anglophone countries are included, with less complete coverage elsewhere. Our eventual aim is to extend coverage to all professional philosophers worldwide. Graduate students and others are also welcome to register.

If you are a registered user of PhilPapers, what was previously your PhilPapers profile has been redesignated as a PhilPeople profile. We encourage you to try the new features of the site. As before, any user may opt to have their profile hidden or removed.

If you are a professional philosopher who is not a registered user of PhilPapers, you may find that the PhilPeople database includes an entry for you with some minimal public information, akin to an entry in a standard academic directory. We encourage you to register as a PhilPeople user so that you can make a full profile available to users searching the site. However, if you prefer, you can remain unregistered or have your entry removed from the site completely.

PhilPeople remains in beta testing. The database is still incomplete and not every feature has been tested thoroughly. If you notice any problems, please notify us in the comments here or by using the Feedback button on the site.

We would like to take the opportunity to thank all of those who have contributed to this project. The Committee for the Status of Women in Philosophy of the American Philosophical Association provided the initial impetus by asking us some years ago if we could make a tool to help find members of under-represented groups. The American Philosophical Association provided seed funding for the project. The editors of the Philosophical Gourmet Report shared the faculty lists they compiled for the 2018 report. The Department of Philosophy at Western provided generous research assistant support. Cecilia Li and Mark Dunlop did excellent data collection. Last but not least, our outstanding team at the Centre for Digital Philosophy did a superb job. Many thanks to Steve Pearce, Jen McKibbon, Mavrick Laakso, Ryan Augustynowicz, Craig Weston, and Chris Brogly.

Added note: We have heard some concerns that the “Radar” feature, which shows philosophers who will be speaking in a certain area in a certain period, may facilitate stalking and harassment. We should clarify that by default this feature conveys no information that is not already easily and publicly available in PhilEvents and in other conference announcements. Further information about a user is included only if the user chooses to add the information. We have also made it easy for users to exclude any information about their events from the PhilPeople site. As always, we are open to feedback and to fine-tuning the system before the full public launch.

The post PhilPeople Launches (guest post by David Bourget & David Chalmers) appeared first on Daily Nous.
