Google Drive and the Titanic — UnSyncable

I have a number of files I want to share across my three primary computers and have backed up in the cloud — “just in case.” So when Google lowered the price for 100GB of cloud storage, I took them up on the offer … BUT …

Apparently they made a change in the last few days (circa Feb 1, 2015), and Drive now refuses to sync MP3 files. Since the Drive app does not correctly display large numbers of unsyncable files, I had to catch it in the act (with just 700+ of my 1900+ MP3 files). The message is “Download error: You do not have permission to sync this file.” This apparently was applied to ALL MP3 files, since it includes recordings of my wife, niece, and cousins as well as CD and vinyl “rips” I have made to allow me to listen to that music on my computer(s) — and for which I still have the original media (and which I do not sell or share). So it appears that Google (perhaps under pressure from the music industry) has decided to ban MP3 files from Drive. (If you are a musical artist, you obviously need another supplier.) — [A later observation, after more experience and some useful feedback: while it is not clear what triggers Drive’s decisions about permission to sync, it is not the .MP3 extension alone. Following guidance from Google support, I completely reinstalled Drive on my Windows 8 system and now things sync all right … hmm.]

There is a valid copyright concern from IP owners related to sharing of their content. Google has some experience with this from Google Books, where it argued “fair use” for wholesale capture, storage, and indexing of libraries full of books, an argument upheld in a 2013 court ruling. It is also worth noting that, beyond books and MP3 files, every item on Google Drive carries an implicit or explicit copyright. This blog entry will have an implicit copyright as soon as I post it; actually, I think it gains that status as soon as I type it in. Every email, document, home movie, or picture you take has applicable copyright law behind it, and I can’t envision Google being able to sort out who has what permissions. And with the transition from “first sale” protections to licensing for works, things get more difficult. If I buy a book (or a DVD, CD, etc.), I can re-sell it … but if I buy a license for something (software, an ebook, etc.), my rights are limited by the license, not copyright law. (Which is why Amazon could “take back” copies of Orwell’s 1984 from Kindle devices.)

While seeking to understand the problems I encountered with Drive, I discovered an interesting variation. A user reported a system infected with ransomware that encrypted his files and demanded payment to restore access. The encrypted files replaced the unencrypted files on Google Drive, which means his “backup” was no longer available (and apparently Google cannot restore prior versions of files).
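One mitigation a sync client could apply — a toy sketch of my own, not anything Drive actually does — rests on the observation that encrypted files look statistically different from ordinary documents. A sudden jump in a file’s entropy is a hint that ransomware, not the user, produced the new version:

```python
import math
import os

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive text, approaching 8.0 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic flag: version (rather than overwrite) a sync when entropy jumps this high."""
    return shannon_entropy(data) > threshold

plain = b"Quarterly report: revenue was flat, expenses were up slightly. " * 60
scrambled = os.urandom(4096)  # stands in for a ransomware-encrypted replacement
```

The obvious caveat: already-compressed formats (zip, jpeg, and yes, mp3) are also high-entropy, so a real client would need per-file-type baselines rather than a single threshold.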

Cloud computing in its variations opens a batch of new social implications … copyright, protection of content, loss of content, etc. What other challenges do you see for the Cloud?

US States use Big Data to Catch Big Thieves

Various states are using big data tools, such as the LexisNexis database, to identify folks who are filing false tax returns. A recent posting at the Pew Trusts indicates that “Indiana spotted 74,782 returns filed with stolen or manufactured identities as of the end of last month with its new identity-matching effort. Without it, the Department of Revenue caught just 1,500 cases of identity theft out of more than 3 million returns filed in all of 2013.”

The article goes on to outline other ways big data is being used by the states. These can include focused (e.g., tax refund validation) use of third-party data sets, or ways to span state data sets to surface “exceptions.” A state can cross-check driver’s license records with car registrations, property tax records, court records, etc., to ultimately identify wrong-doers.

This harkens back to my own family experience, when my daughter was working for a catalog sales company. She was assigned the task of following up on ‘invalid credit cards’ to get valid entries so the items could ship. From her own memory of contact data, she discovered that a number of invalid credit cards, used under a variety of names, were going to a single address. She contacted the credit card companies to point out this likely source of fraud, only to find out that they treated the cost of credit fraud as part of their cost of doing business and were not interested in pursuing an apparent abuser. Big data, appropriate queries, and a willingness to pursue abuse could yield much greater results than the coincidental awareness of an alert employee.
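The query my daughter ran in her head is trivial to automate. A sketch (the records and field names here are invented for illustration): group declined cards by shipping address and flag any address collecting failures under multiple names.

```python
from collections import defaultdict

# Hypothetical order records: (cardholder name, card valid?, shipping address)
orders = [
    ("A. Smith", False, "12 Oak St"),
    ("B. Jones", False, "12 Oak St"),
    ("C. Brown", False, "12 Oak St"),
    ("D. White", True,  "99 Elm Ave"),
    ("E. Green", False, "7 Pine Rd"),
]

def suspicious_addresses(orders, min_failures=2):
    """Flag addresses receiving failed cards under multiple distinct names."""
    names_by_addr = defaultdict(set)
    for name, valid, addr in orders:
        if not valid:
            names_by_addr[addr].add(name)
    return {addr for addr, names in names_by_addr.items()
            if len(names) >= min_failures}
```

One lone declined card (a typo, an expired card) stays below the threshold; three distinct names failing at one address is exactly the pattern an alert employee — or a one-line group-by — would catch.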

So … here are the questions that come to my mind:

  1. What are the significant opportunities for pursuing ne’er-do-wells with big data, either by governments or by industry?
  2. What are the potential abuses that may emerge from similar approaches being applied in less desirable ways (or with more controversial definitions of “ne’er-do-well”)?

Genomics, Big Data and Google

Google is offering cloud storage and genome-specific services for genomic databases. It is unclear (to this blogger) what levels of anonymity can be assured with such data. Presumably a full sequencing (perhaps 100 GB of data) is unique to a given person (or set of identical twins, since this does not, yet, include epigenetic data), providing a specific personal identifier even if it lacks a name or Social Security number. Researchers can share data sets with team members, colleagues, or the public. The National Cancer Institute has moved thousands of patient datasets to both Google and Amazon cloud storage.
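A back-of-envelope calculation suggests why anonymity is so hard here: you do not need anywhere near 100 GB of sequence to single out one person among everyone alive.

```python
import math

world_population = 8_000_000_000          # order of magnitude
bits_needed = math.ceil(math.log2(world_population))

# A common genetic variant (SNP) with a roughly 50/50 allele split carries
# about one bit of identifying information per person, so on the order of a
# few dozen independent common variants already suffice, in principle, to
# distinguish one individual from everyone else on Earth.
snps_needed = bits_needed
```

Thirty-some well-chosen data points out of billions of base pairs: stripping the name off the file does very little.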

So here are some difficult questions:

If the police have a DNA sample from a “perp,” search the public genome records, and find a match, or a parent, or … how does this relate to U.S. (or other jurisdictions’) legal rights? Can Google (or the researcher) be forced to identify the related individual?

Who “owns” your DNA dataset? The lab that analyzes it, the researcher, you? And what can these various interests do with that data? In the U.S. there are laws that prohibit discrimination in health insurance based on this data, but not in long-term care insurance, life insurance, or employment decisions.

Presumably, for a cost of $1,000 or so, I can have any DNA sample sequenced: off a glass from a restaurant, or some other source that was “left behind.” Now what rights, limits, etc. are implicit in this collection and the resulting dataset? Did you leave a coffee cup at that last staff meeting?

The technology is running well ahead of our understanding of the implications here — it will be interesting.

Privacy Matters

Alessandro Acquisti’s TED talk, Why Privacy Matters, lays out some key privacy issues and reveals research on what is possible with online data. In one project his team was able to identify students via face recognition in the few minutes needed to fill out a survey … and potentially locate their Facebook pages using that search. In a second project they were able to deduce persons’ Social Security numbers (a key U.S. personal identifier) from their Facebook page data. This opens the possibility that any image of you can lead both to identifying you and to locating significant private information about you.

There is a parallel discussion sponsored by the IEEE Standards Association on “The Right to be Forgotten.” This was triggered by a recent European court case in which an individual did not want information about his past to be discoverable via search engines. These two concepts collide when an individual seeking to be “forgotten” has their image captured by any of a range of sources (store cameras, friends posting photos, even just being “in the picture” someone else is taking). If that image can be translated into diverse personal information, then even the efforts of the search engine providers to block the searches will be futile.

Alessandro identifies some tools that can help: the Electronic Frontier Foundation’s anonymous internet portal, and Pretty Good Privacy (PGP), which can deliver a level of encryption that is very expensive to crack, with variations being adopted by Google, Yahoo, and maybe even Apple to protect the content of their devices and email exchanges. There are issues with the PGP model, and perhaps some better approaches. There is also government push-back against too-strong encryption — which is perhaps one of the best endorsements of the capability of such systems.
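“Very expensive to crack” is an understatement for the symmetric ciphers PGP-style systems use. Some rough arithmetic (the attack rate is an invented, deliberately generous assumption):

```python
# Exhaustive search of a 128-bit keyspace at a hypothetical
# rate of one trillion keys per second.
keys = 2 ** 128
rate = 10 ** 12                       # keys/second (assumed, generous)
seconds_per_year = 3600 * 24 * 365
years_to_search = keys / (rate * seconds_per_year)

# The result is on the order of 10**19 years, vastly longer than the age
# of the universe. (On average you hit the key after half the space, which
# changes nothing about the conclusion.) Real attacks therefore target
# implementations, endpoints, and key management, not the cipher itself.
```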

Behind all this is the real question of how seriously we choose to protect our privacy. It is a concept given greater consideration in Europe than in the U.S. — perhaps because the deeper European history has proven that abuse by governments or other entities can be horrific — an experience that has not engaged the “Youth of America”, nor discouraged the advertising/commercial driven culture that dominates the Internet.

Alessandro observes that an informed public that understands the potential issues is a critical step towards developing policy, tools and the discipline needed to climb back up this slippery slope.


Too Close for Comfort? Detecting your presence.

A group of authors in the August 2014 issue of IEEE Computer outline some pros, cons and examples of proximity sensing technology that initiates advertising, action and may report your presence to some data collection process. The article is called The Dark Patterns of Proxemic Sensing.

There are simple examples most folks have encountered: the faucet that turns on when you put your hands near it, followed by the automated hand dryer or paper towel dispenser. The paper identifies some current examples that many of us may not have encountered: the mirror that presents advertising, a wall of virtual “paparazzi” that flash cameras at you accompanied by cheering sounds, and urinals that incorporate video gaming. Some of these systems are networked, even connected to the internet. Some interact anonymously; others are at least capable of face or other forms of recognition.

The article identifies eight “dark” aspects of this proximity interaction:

  1. Captive Audience – there is a concern about unexpected/undesired interactions in situations where the individual must go for other reasons.
  2. Attention Grabbing – detection and interaction allow these systems to distract the target individual, which may be problematic, or just annoying.
  3. Bait and Switch – initiating interaction with an attractive first impression, then switching to a quite different agenda.
  4. Making personal information public — for example, displaying or announcing your name upon recognition.
  5. We never forget – tracking an individual from one encounter to the next, even spanning locations for networked systems.
  6. Disguised data collection – providing (personalized) data back to some central aggregation.
  7. Unintended relationships – is that person next to you related in some way — oh, there she is again next to you at a different venue…
  8. Milk factor – forcing a person to go through a specific interaction (move to a location, provide information …) to obtain the promised service.
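To make the patterns concrete, here is a toy sketch (all names and behavior invented) of how items 4–6 can combine in code: the visible behavior is a friendly greeting; the quiet side effect is a growing, linkable log.

```python
import time

class ProximityKiosk:
    """Hypothetical ad kiosk illustrating several 'dark' proxemic patterns."""

    def __init__(self):
        self.event_log = []  # the part the passer-by never sees (pattern 6)

    def on_person_detected(self, person_id, location):
        # Pattern 5 ("we never forget"): every sighting is recorded and
        # linkable across networked locations via the same person_id.
        self.event_log.append((time.time(), person_id, location))
        # Pattern 4: recognition surfaced in public, dressed up as a perk.
        return f"Welcome back! Here's an ad picked just for {person_id}"

kiosk = ProximityKiosk()
kiosk.on_person_detected("face#1138", "mall-entrance")
kiosk.on_person_detected("face#1138", "food-court")
```

Nothing in the greeting hints that the second sighting was joined to the first — which is exactly the point of calling these patterns “dark.”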

Most of these are traditional marketing/advertising concepts, now made more powerful by automation and ubiquitous networked systems. The specific emerging technologies are one potentially disturbing area of social impact. A second is the more general observation that activities we historically considered innocuous, or even desirable, may become more problematic with automation and de-personalization. The store clerk might know you by name, but do you feel the same way when the cash register or the automatic door knows you?

Issues in this area are also discussed in the Summer 2014 issue of Technology and Society – Omnipresent Cameras and Personal Safety Devices being relevant articles in that issue.

Soft Biometrics

Karl Ricanek has an article in the Sept. issue of Computer magazine, “Beyond Recognition: The Promise of Biometric Analytics.” He points out a range of possible applications for biometric analysis beyond identifying specific individuals, many of which are ‘grist’ for the social-impact mill. Karl defines biometric analytics as the discovery of potentially interesting information about a person, other than identity, using biometric signal patterns. He includes emotional state, longevity, aliveness (if you are reading this, you are alive), continuous authentication, ethnicity, gender, age (demographics in general), honesty, concentration, mood, attitude, and even frustration with automated phone systems (‘dial 1 if you like talking to robots, dial 2 if you would like to toss your phone out the window, …’). A few specific examples include:

  1. Audience reaction research – detecting smiles, confusion, boredom, or distress. This could help in editing movies or developing higher-impact advertising.
  2. Karl’s own research is on the detection of age and longevity. He has a web site, FaceMyAge, that uses facial photos for this. Apparently if you look older than you are, you are likely to die younger — an insight life insurance companies might value. Also cosmetic companies, in terms of helping you look younger (and maybe reducing your life insurance premiums?).

Karl anticipates answers to everyday questions such as: “Is the speaker on TV being honest?” (not needed for QVC, politicians, … or even many news programs these days); “How much money will I need for retirement?” (a discreet way of asking ‘how much time do I have left?’); “Will using this cosmetic really make me look younger?” — and the most dangerous question of all, “Does this outfit make me look fat?” (OK, Karl does not include this one.) Engineers and autistic persons are reputedly poor at reading the emotional state of others; perhaps a Google Glass app could provide some clues. Some devices for the improved transmission of biometric signals have been developed as well. My granddaughter just obtained a set of Brainwave Cat Ears, which are supposed to indicate your state (focused, in-the-zone, relaxed) … and, ‘er, ah, no, you look just great in those cat ears, not fat at all’ (or at least that is what my Glass app suggested I say). What biometric analytics would you encourage? What unanticipated consequences do you envision?
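Of the list above, “continuous authentication” is the easiest to sketch. A toy version (the signal, the enrollment samples, and the threshold are all invented for illustration): enroll a user’s typing rhythm, then keep checking that the person at the keyboard still types the same way.

```python
import statistics

def enroll(intervals):
    """Baseline a user from seconds-between-keystrokes samples."""
    return statistics.mean(intervals), statistics.stdev(intervals)

def still_same_user(baseline, recent, max_z=3.0):
    """Crude continuous-authentication check: is the recent typing rhythm
    within max_z standard deviations of the enrolled baseline?"""
    mean, sd = baseline
    z = abs(statistics.mean(recent) - mean) / sd
    return z <= max_z

baseline = enroll([0.18, 0.22, 0.20, 0.19, 0.21])
```

A real system would use far richer signals (pressure, digraph timings, face, gait) and an actual classifier, but the shape is the same: the session stays authenticated only while the biometric stream keeps matching.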

Enslaved by Technology?

A recent “formal” debate in Australia, We are Becoming Enslaved by our Technology, addresses this question (90 min): a look at the upside and downside of technological advances, with three experts addressing each side of the question.

One key point made by some of the speakers is the lopsided impact technology may have in enabling government abuse. One example is captured in the quote “a cell phone is a surveillance device that also provides communications” (cited by Bernard Keane). In this case it is the surveilling party that benefits from continuous location, connectivity, app, and search presence.

Much of the discussion focuses on the term “enslave,” as opposed to “control,” and also on the question of choice: to what degree do we have “choice,” or are we perhaps trying to absolve ourselves of responsibility by putting the blame on technology?

Perhaps the key issue is the catchall “technology.” There are examples of technology, vaccines for instance, where the objectives and ‘obvious’ uses are beneficial (though one can envision abuse by the corporations/countries creating vaccines). And then there are the variations in weapons, eavesdropping, big-data analysis vs. privacy, etc. Much of technology is double-edged, with impacts both “pro and con” (and of course individuals have different views of what counts as a good impact).

A few things are not debatable (IMHO):
1. The technology is advancing rapidly on all fronts.
2. The driving interests tend to be corporate profit, government agendas, and in some cases inventor curiosity, and perhaps at times altruistic benefit for humanity.
3. There exists no coherent way to anticipate the unintended consequences, much less predict the abuses or discuss them in advance.

So, are we enslaved? …. YOU WILL RESPOND TO THIS QUESTION! (Oh, excuse me…)


Culture vs Technology

Freedom of Speech vs the Right to be Forgotten … Technology and Society, but whose society? A recent European court ruled that Google (also Bing, Yahoo, etc.) may be required to remove links that are “accurate” but objectionable to the affected individual(s). It is easy, in a world with a dominating culture (U.S.A.), and particularly for technologists working in that culture (Google, et al.), to adopt and apply the values of that culture (free speech) without being aware of alternative cultural norms.

Apparently Europe, particularly Germany and France, has some precedents suggesting that prior offences, actions, and public knowledge should become inaccessible in the present and future. This is being considered as part of new E.U. privacy legislation, not just a court finding.

It is easy (particularly for those of us in the USA) to hold up the sacred right of free speech (as written in the book of Constitution, verse 1:1) and ignore the concerns and abuses associated with it. Some folks are surprised when Facebook (or other) postings of their pictures/activities result in their being expelled from college, being fired, or failing to get a job. This “long tail” left by all of us in the exponentially growing web may contain many issues of concern. For example, if I mention diabetes in this posting, might I lose health insurance? If someone with a very similar name is leading a quite different lifestyle, might I suffer some of the consequences? And of course, if I advocate an issue, a candidate, or a religious affiliation, could I find myself persecuted in the media, or worse, by police showing up at my door? (Consider the recent transitions in Egypt … oops, there I go.)

Consider one example: the widespread “sex offender” registration required by many US states. This has been a topic of non-academic discussion recently (Dear Abby), but it presents an interesting reference point. Note that an individual found guilty of molesting children many times and an eighteen-year-old’s indiscretions with a seventeen-year-old can be indistinguishable in this context. The public “right to know” would seem to apply in one case, while the chance of recurrence seems unlikely in the other, yet both may lead to loss of job opportunities, shunning by neighbors, etc.

Facilitating the oppression of religious groups, political dissidents, or even the un-informed misuse of the failings of youth seems a good rationale for a “Right to be Forgotten.” At the same time, and almost in the same breath, we can hear the need to know a political candidate’s racist remarks, the series of lawsuits brought against a used car dealer (the U.S. stereotype for a shady business), or perhaps that my fiancé has had three divorces in the last five years. (This is hypothetical!) The “Right to be Forgotten” may also be countered with the “Right to Never Be Forgotten.” The Internet has created a global village — with all of the gossip and “everyone knows” implications of the spotlight of a small town.

This challenge is just beginning. With face recognition, public web-cams, and many other sources of personal data being captured explicitly or implicitly, how we deal with the diversity of cultural norms is non-trivial.

What are the issues you see?

Your Data in the Cloud, like it or not!

Various suppliers of products & services are now integrating cloud operations as necessary aspects of their offerings.  This has raised questions in an article in Scientific American, “The Curse of the Cloud” (hard copy) and related online entry “We are Forced to Use Cloud Services” about who is in control of your data. Before we disparage this situation, we (technologists) need to consider why it is happening.

From a user perspective, having a “common” file structure across devices can be a real advantage: my music is there, and the files I need for this meeting, when I’m on the road. For those of us using online email services (Gmail, Hotmail, etc.), this is a familiar concept. Once upon a time (like 3 years ago) I’d email myself a file just so it was stored in the implicit cloud. Google has made that explicit with Google Drive and the apps environment, and specific services like iTunes/iCloud, Microsoft with Windows 8, and Chrome/Android have also been structured to preserve “context” in the cloud that can span multiple systems. This includes the automated password-completion data your browser so kindly provides. In short, your bank account access is now only as safe as your Gmail or other auto-login product’s protection. Ditto your online health records, etc.

Why? The technological answer is simple: single devices fail, so automate the backup. Apps that run in the cloud can also be automatically maintained — less user fuss, more secure. But there is a dark cloud above this silver lining called “vendor lock-in.” Microsoft has constantly been challenged with “how can we sell you another copy of xyz?” (DOS, Word, etc.) Historically this was accomplished by periodic updates, eventually making an old version obsolete in terms of support, security, file formats, etc. Today the solution is Office 365, where you subscribe to the use of the software and must connect every 30 days or “lose it.”

“Your Data Are Ours” — and of course the data you store in these locations has limited practical portability to a competing environment. Typically you can export, or “save as,” a file in a common format and move it, but with some data files (music) built-in DRM may prevent that. (An interesting example was Amazon’s removal of Orwell’s 1984 from all of the Kindles that had downloaded it, when Amazon found it was in violation of copyright. There is some irony in giving Big Brother that capability.)

As the Scientific American article points out, participation in these services is no longer optional. It is the only way to sync your calendar, etc. with the new iOS, and it is strongly encouraged by Microsoft Windows 8. Needless to say, a Chromebook is marginal “for those rare times when you aren’t connected to the web.”

As you may have noticed, some of these suppliers are also selling, or compelled to provide, access to your content by the “authorities.” The “authorities” vary by country, but they include the NSA and such. If you are engaged in a business that spans international borders and tries to keep trade secrets from foreign competitors, you may want to think twice, or even a dozen times, before committing critical data to the cloud. Consider the liability of an “innocent” memo stored in the cloud (an email, or even just a draft — an early draft, given version rollback) that reveals just a bit too much about some key secret. Back in the last millennium, when lawsuit “discovery” entailed providing an army of paralegals access to your file cabinets, one of them tripped over this comment in one company’s files: “XYZ corp is eating our lunch, we need to buy them out or burn them down” … written prior to the fire that destroyed XYZ corp’s facilities. Such a cute turn of phrase would be far easier to find with a good search engine and authorized (or even unauthorized) access to your files.

There is a solution that I think might work: buy your cloud services from the NSA. Consider this: the NSA has the world’s leading experts on cyber-security, and while it is an obvious target for attack, it is probably one of the best defended. They have data centers that can handle the load (if they can ever get the generators in Utah working), and they probably have more restrictions on their abuse of the data than any other entity (with increasing restrictions every day) — and best of all, they already have a copy (I think I’m kidding here).

A Potential Legacy of Disaster

“To imagine how things could go bad, we have to imagine these charming techies [today’s beneficent tech company leaders] turning into bitter elders or yielding their empires to future generations of entitled clueless heirs.” (How Should We Think about Privacy, Scientific American, Nov. 2013) [And yes, this is the same one quoted in the last entry — good article; read it!]

I’ve wondered what the half-life of a Fortune 500 company is. I’ve worked for a few: some, like Intel, when they were not yet in the 500; some, like IBM, that were and are; and some, like Digital, that were and are no more. It is clear, as we watch the life-arcs of companies like Digital, Sun Microsystems, Zilog, etc., that most do not have particularly long lives — maybe a decade or three. And I sense that this window may be shortening. Venture capitalists always look for exit strategies, often selling a creative startup that is not getting traction to some lumbering legacy giant who thinks it can fix it. (This occasionally seems more like getting your pet “fixed” than getting your car “fixed”.) But some beat the odds and make the big time. Investors happy, founders happy, occasionally employees (shout out to the Woz, who made pre-IPO stock available to Apple employees) — but when things get big, a different mentality takes charge: milking the cash cow. One reason the big guys buy up the little guys is to keep them from disrupting their legacy business models. Even with good intentions, the buyers are often clueless when it comes to keeping the momentum going with the innovators and/or customer base, and eventually drive their acquisition into the ground.

The point of the Scientific American article is that the transition of surviving corporations to new owners, or even the loss of shareholder control, can turn a company dedicated to “Doing No Evil” in a different direction. The article suggests that the current “convenience” features in your smartphone, which suggest an <advertisers> spot to get lunch based on your location and the local time, could go further, controlling your actions at pre-cognitive levels with Pavlovian manipulation. It may not be what the founders of Google, Twitter, Facebook, etc. feel is right … but then, the decision may be mandated by new ownership, stockholder interests, etc.

It has been suggested that no military device has ever been invented that was not eventually used in warfare. I won’t swear that is true, but the corollary is that no path to increased profits has been identified that has not eventually been used by corporations. At the same time, we have few ways to protect ourselves from future abuse — policy entities are hesitant to take preventative actions — and corporate interests become strongly involved once they smell blood … excuse me, cash.