Author: Paula Kift

By Eli Siems

A new digital currency was launched last Friday (28 Oct.) that threatens to give Bitcoin a run for its virtual money. It’s called Zcash. But there’s one major distinction between the two so-called cryptocurrencies that Zcash believes will give it an edge in the digital market. The currency’s official website puts it this way: “If Bitcoin is like http for money, Zcash is https.” In other words, this new cryptocurrency is designed to be secure, private, and virtually untraceable by anyone but the parties to a transaction.

Interest and speculation is high. On Monday, the New York Times reported that “investors were paying over $1000 for a single unit of Zcash.” The currency launched with a ton of buzz and with the support of computer scientists at Johns Hopkins and MIT, privacy activists, and electronic currency traders, speculators, and aficionados.

While it’s far too early to say if the currency will take off, its core principles and technology are already shaping conversations on the future of data privacy.

The difference between Zcash and other, less private cryptocurrencies is its handling of an essential component known as a blockchain, a permanent ledger that tracks coins. The blockchain is key to maintaining the integrity of the currency and proving no counterfeiting or interference has taken place. For Bitcoin, the blockchain is public and can be accessed to analyze the flow of currency, which has raised more than a few eyebrows across the spectrum of potential Bitcoin users. As The Economist reports, “This is a serious barrier for banks: blockchains could reveal their trading strategies and information about their customers”

But Zcash is fundamentally different. Using a “zero-knowledge proof construction called a zk-SNARK,” the Zcash team has managed to create a secure ledger that keeps the identities of parties to a transaction and the amounts transferred undisclosed. Beyond cryptocurrency, the encryption technology is making waves on all shores of digital privacy and cryptography.

Aside from potential benefits to large players like banks, Zcash markets itself on its privacy protection for every user. But such a currency, readily accessible and exchangeable, will bring with it huge and probably obvious law enforcement concerns. Back in 2013, when the idea that became Zcash was first proposed by Johns Hopkins researchers, Global Financial Integrity voiced strong opinions that a currency like Zcoin would do little more than facilitate a wide range of illicit transactions and cripple hard-won law enforcement tools. Monero, a similarly private but less anticipated cryptocurrency, has already shown up in countless illicit transactions.

On the other side, Zcash founder Zooko Wilcox insists that Zcoin has a different purpose: “All of the conversations I’ve had with businesses, banks, regulators and law enforcement have been about the need for data security for commercial applications.”

Matthew Green of Johns Hopkins, an originator of the Zcoin concept, frames it differently: “The basic story is that we have been gradually losing our privacy in a whole bunch of ways that people don’t appreciate,” Zcash being a way to take back that privacy in at least one area.

Whatever your opinion is on the utilities or dangers of an untraceable cryptocurrency, one thing is quite clear: Zcash is here and is bringing back longstanding debates about privacy and law enforcement in the digital age with renewed immediacy.

By Sofia Grafanaki

Facebook rolled out a new feature last week, allowing users to officially endorse a presidential candidate. It is very simple to use – all a user needs to do is go on the candidate’s Facebook page and click on the “endorsement” tab to add his/her own endorsement. One can also add a message with it, presumably explaining their position. The feature has already sparked several interesting discussions, ranging from whether journalists should use this tool, given the conflicting values of neutrality and transparency in the context of political journalism, to the potential harassment that can result from expressing political opinions.

Facebook seems to have a bigger agenda than just the upcoming presidential election by planning to make the feature more widely available, to state and local election candidates for instance. Detailed instructions on Facebook’s Help Center page explain that to receive endorsements, all a user needs to do is change the category of his/her page to “Politician, Political Candidate, or Government Official.”

The feature is not just directed to users who are open about their political opinions and positions, as the feature allows you to select the audience who can view your endorsement post. Detailed instructions on Facebook’s Help Center page warn users to:

Keep in mind that if you choose Public as the audience of your endorsement, it may also appear on the candidate’s Page if the candidate chooses to feature your endorsement.

Interestingly, while this may seem somewhat respectful to voter privacy, it also helps a reluctant user feel more comfortable to share their political preferences, making it almost as if the user were completing a missing piece of their profile, one that no one needs to see. The result however is that Facebook obtains more accurate data on their users, allowing for more accurate targeted advertising.

The fact that the Company has been tracking political preferences is not news; it has been doing that since the launch of its ad personalization tool, in order to bring users ads that cater to their interests. Theoretically users’ can see and somewhat control their political labels among others, but as they are “tucked away” in the ad preferences section on Facebook, this is not always intuitive.

Most importantly, while previously these labels were based on inferences Facebook algorithms were “taught” to make based on information collected from the users’ profiles and activity, with the new endorsement feature, these inferences are now confirmed or even corrected by the users themselves.

Ultimately this is just a glance at a much larger discussion on the acceptable boundaries of voter-micro targeting. Is it just the natural evolution of political campaigning or are we starting to cross lines that affect our democratic process?

https://www.facebook.com/help/1289003767810596

https://techcrunch.com/2016/10/18/facebook-presidential-endorsements/

http://money.cnn.com/2016/10/18/technology/facebook-endorsement-election-2016/

http://www.poynter.org/2016/ask-the-ethicist-should-journalists-use-facebooks-new-endorsement-tool/435713/

http://www.digitaltrends.com/social-media/facebook-endorsements/

http://www.nytimes.com/2016/08/24/us/politics/facebook-ads-politics.html?_r=2

http://www.digitaltrends.com/social-media/facebook-political-views-ads/

https://www.facebook.com/ads/preferences

By: Yan Shvartzshnaider

There is no such thing as a “bullet-proof” system. A system’s security is in a constant state of becoming. Breaking into any system used to require resources and time: the more resources you had, the less time you needed, and vice-versa. To protect your system you would want to ensure that it takes a significant amount of time (in the best case, approaching infinity) for the attacker to be able to break it.

For a while, this was an achievable goal: resources were too expensive and hard to come by for the average perpetrator to even bother with an attack. This was particularly true of well-established infrastructure. Things have changed, however. Cloud services like Amazon Web Services (AWS) allow one to span hundreds of servers with the ease of clicking a button. We connected fridges, toaster, thermostats and other appliances to the Internet, the Internet of Things (IoT). Today, one neither needs money, expensive resources nor time to mount a serious attack. In one of the most recent attacks, two teenagers were able to “coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks” from the comfort of their home, while making money in the process.

While the technological landscape has changed, the attitude of consumers has not. The market is full of unpatched devices that make it easy for an attacker to compromise the system and use it as they see fit.

In a recent blog post— Security Economics of the Internet of Things —Bruce Schneier discusses these issues and argues that we have reached a point where the government needs to intervene with adequate regulation:

IoT will remain insecure unless government steps in and fixes the problem. When we have market failures, government is the only solution. The government could impose security regulations on IoT manufacturers, forcing them to make their devices secure even though their customers don’t care.

Whether or not government intervention is the correct answer remains to be seen, but we should all be grateful to Schneier for raising the question.

https://www.schneier.com/blog/archives/2016/10/security_econom_1.html

By Sofia Grafanaki

A new and promising approach seeks to disrupt ISIS online recruiting efforts through targeted advertising, as presented at a recent event at the Brookings Institution. Google’s tech incubator Jigsaw (previously called Google Ideas), together with Moonshot CVE, Quantum Communications, and the Gen Next Foundation, developed a plan to help the fight against terrorism. The “Redirect Method” is described as a way to get inside the heads of potential terrorists before they are actually recruited and change their intentions.

The way the program seems to work, is that it “places advertising alongside results for any keywords and phrases that Jigsaw has determined people attracted to ISIS commonly search for”. The advertising links to YouTube channels with videos that Jigsaw believes can “undo ISIS’s brainwashing”. According to Yasmin Green, Jigsaw’s head of research and development, “the Redirect Method is at its heart a targeted advertising campaign: Let’s take these individuals who are vulnerable to ISIS’ recruitment messaging and instead show them information that refutes it.” Results seem to show that the program is effective – it seems that more than 300,000 people were drawn to the anti-ISIS YouTube channels in just about 2 months.

But could this “powerful tool for getting inside the minds of some of the least understood and most dangerous people on the Internet”, as described by Wired Magazine, be used for just about anything else as well? There is no doubt that the specific use is desirable (and a lot more respective of privacy than NSA’s bulk surveillance method). But once it’s out there as a tool, can it not be used for other causes? If it’s really just a targeted advertising campaign, can Google develop a product out of this? Or is it already a product in some ways? How would we feel if the cause was not to stop terrorism but to stop a political candidate for instance that some deem dangerous? The minute we move away from extremism, the idea of using data and analytics to get inside the minds of people and change their intentions starts to sound much less appealing.

https://www.wired.com/2016/09/googles-clever-plan-stop-aspiring-isis-recruits/

http://www.slate.com/articles/technology/future_tense/2016/09/the_problem_with_google_jigsaw_s_anti_extremism_plan_redirect.html

https://theintercept.com/2016/09/07/google-program-to-deradicalize-jihadis-will-be-used-for-right-wing-american-extremists-next/

http://www.businessinsider.com/jigsaw-redirect-method-to-stop-isis-recruits-2016-9