Urban@UW individual questions

1. How would you define the question/ challenge/ focus in a manner that you find compelling?

Privacy has been defined by different groups indifferent ways. Often times the best way to protect personal privacy rights is to empower people to have greater control over what data is shared. Policy makers need to think broadly and specifically about the unintended consequences of data collection, not just how valuable it can be to special interests. Supporting privacy initiatives is often something that can turn into government transparency, accountability, and trust. Seattle could exclusively adopt free software solutions when deploying technology that interfaces with the public.

Two related points:

White House Commits to Open Access, Open Education and Open data in New Open Government Plan

Emerging threats for lawyers and human rights defenders: surveillance on massive scale in real time

Concerns from others in the group:

— Justice?
— Democratizing data?
— Supporting an advocacy agenda?
— Access? Affordability? Income barriers? How to keep people out of the criminal justice system?
— What is the overarching process for developing questions about data?
— Is the data driving the questions, instead of the questions driving the data? Who owns the data?
— Who gets to frame the questions? Who gets to think about how the data is used?
— Public vs private sector influence?

2. What is the most important need or area of impact that we could have addressing this challenge?

3. What is needed to address this challenge and what are the gaps to fulfilling this need?

4. What has failed in the past, and why?

5. What risks are there?

6. Who else should be involved?

7. What’s missing from this challenge, as you see it?

Seattle continues “business as usual” trend when deploying surveillance systems

This post was read to the attendees of September 2015’s Community Technology Advisory Board (meeting minutes).


A few months ago I raised concern at CTAB about connected cars technology — about the need to be informed about the technology’s capability — because Seattle residents will not be informed if Seattle government and Seattle leaders are not informed.

Today, Crosscut reporter David Kroman published an article titled, Seattle installs new system to track individual drivers which concerns a related hardware identification tracking system. There are a few problems I have with Seattle’s interpretation of what it considers a “surveillance system” and how it’s unable to safeguard its residents from intrusive surveillance technology even in light of Seattle’s recently adopted privacy principles.

Let’s look at some of the facts of this tracking system:

Seattle government, including its CTO, does not consider this to be a surveillance system despite the manufacturer calling it a tracking system. History proves that tracking systems easily become surveillance systems, just look at our cell phone network.

SDOT is free to pursue infrastructure improvements without approval from the city council and even called this project “business as usual”. (quote: Adiam Emery, an Intelligent Transportation System Engineer with SDOT)

The public was not brought into the conversation before the deployment of this tracking system.

A privacy impact assessment was not performed.

The tracking system records when and where a hardware identifier exists including personal cars, personal cell phones, and markers such as speed, distance, and behavior are analyzed.

Seattle does not receive raw data and Acyclica claims they do not store raw data despite there being no audit of such a system.

Washington state supreme court recently unanimously passed a bill restricting the use of Stingrays and other surveillance devices that mimic cell towers because of the privacy implications.

The tracking system is something that was already in place and its privacy invasive capabilities were later upgraded to include these wireless surveillance mechanisms.

This data is collected 24/7/365 including of nearby homes and work places that are within reach of monitored intersections.

The data is transmitted to a third party but we do not know if the data is encrypted at rest before it is transmitted or if the transmission is encrypted.

SDOT Public Information Officer Norm Mah:

the city receives no raw data from the readers, which they say means it cannot trace information back to individuals or individual devices. Mah compared it to a bar code on a baseball ticket: The system knows you’re there, but not who you are. The data fed into the readers is “scrubbed,” meaning it’s analyzed and aggregated into a lump of useful information, absent of discrete data-points.

The metaphor is wrong and the explanation is not a truthful representation of reality. We do not carry baseball tickets with us everywhere we go, 24/7, and have them scanned, repeatedly, every time we drive through a street intersection. The public knows that American businesses do not have the ability to keep collected data safe from governments, be it the American government or the Chinese.

It would appear that employees of Seattle put demands before history. Do not forget that in 1943, Census released Japanese Americans’ data. Seattle has no business collecting and tracking Seattle residents physical location data and handing it over to third parties because they cannot control the use of that data once its collected.

Say cheese! You might get kicked out

Bars and clubs are legally required to check government issued identification before allowing patrons into their establishment. This is a form of security authentication to reliably (probabilistic) determine if someone is at least 21 years old. Should we allow business owners to install government issued identification data retention and sharing technology? Should we accept being treated like a criminal before committing a crime?

Re: SPD increases efforts to put ‘shooters in handcuffs’ after East Precinct gun violence

In the wake of the shooting, Baltic Room owner Jason Brotman told CHS he and other Capitol Hill club owners are exploring a new ID scanning software that would track who has been kicked out of a club earlier in the night.

I think this is the system I was swept up in in Vancouver, Canada in 2014. I didn’t expect it. My group of friends were all going in and I couldn’t just walk out on them after spending 45 minutes in a line. Should I ask for the data retention and data sharing policies before accepting them taking a picture of me, scanning my ID, and uploading it to someone else’s servers? Should I request to audit their system’s security before feeling comfortable they or an unknown company will share my data with whoever their corporate policies and regressive laws allow?

A quick Internet search: “club id scanning who gets kicked out”

First result: http://www.patronscan.com/ (notice the company doesn’t employ website transport security)

Servall Biometrics Inc. creates cumulative reports from other data points, such as the postal code, age, and sex of the patrons in any one venue or one city, and makes these summarized reports available to venues who are paying customers. All information is confidential and no identifying data is provided.

Police Departments may request access to the database, but only when an official investigation has been launched (eg. sexual assault). They must specify their request, by providing the name of the venue, and the time frame for which they wish to review data. They have access to the first name, last name, sex, age, and photo from the identification. The police may use this to search for suspects, victims, and/or witnesses to a crime.

So police, presuming there’s a verification process, simply need “an official investigation” to hand over my data. It’s one thing for local PD to show up at a bar and inquire about events. It’s another for them to have access to a centralized database of specific data just because they were out with their friends and family.

We have a Fourth Amendment for a reason. Privacy invasions are severe because when they happen, they cause lasting effects on people and their families. Domestic violence, sexual assault, stalking — these are all problems that people, who go out to bars and clubs, already have. The Washington State Address Confidentiality Program has over 5,000 participants state wide. Why would Seattle bar owners think it’s ok to force patrons to document their locations in someone’s identification database? Shareable to police without a warrant? That’s called a search! It doesn’t excuse the warrant requirement because a third party collects the data. Victims of police brutality, or victims of people who are police officers is not uncommon. When you collect data to solve a problem, you are creating many more.

Thanks to Mikael Thalen for pointing me to this related issue in Oregon: Oregon Police Give Nightclubs ID Scanners to Datamine Customers

Exploring Cuban Internet surveillance and censorship

This research is ongoing.

After December 17, Cubans don’t have more food, more money, or more liberty. But we have more hope.

— Cuban journalist Yoani Sanchez said in May 2015

Larry Press, Professor of Information Systems at California State University, Dominguez Hills, recently asked some important questions on his blog:

  • Is the Cuban government surveilling the users?
  • Which IP addresses are blocked?
  • Are the Chinese supplying equipment, software or expertise for surveillance and content filtering?

Cuban infrastructure

Cuba’s Ministry of Communications (MIC) is responsible for approving Cuban communications infrastructure. Historically, according to TeleGeography, “Internet access in Cuba is largely restricted to legally recognized individuals and institutions considered most significant to the island’s culture and development, such as state officials and academics.”

According to Wikikeaks, “Cuba worked around the US embargo in order to deploy an undersea cable to Venezuela.” For more history, Wikileaks has available a document titled: “Radio and Television Broadcasting to Cuba: Background and Issues Through 1994.”

According to the United States Congressional Research Service in 2006, “On December 12, 2006, independent Cuban journalist Guillermo Fariñas Hernández received the 2006 Cyber Dissident award from the Paris-based Reporters Without Borders. Fariñas went on a seven-month hunger strike in 2006, demanding broader Internet access for Cubans.” Reporters Without Borders “voices its support to the members of various dissident groups who have themselves been on a rotating hunger strike since 4 June [2006] in a show of solidarity with Fariñas and to draw international attention to his condition.”

In 2007, state-owned “Telecom Venezuela” and Cuban telco “Transbit” formed a new company called “Telecomunicaciones Gran Caribe”. The company eventually completed ALBA-1 in 2011, the only submarine cable that connects Cuba to the Internet and allows for the transmission of data, video and voice (VoIP). The cable has termination points in La Guaira, Venezuela, Ocho Rios, Jamaica, Santiago de Cuba, Cuba, and Siboney, Cuba. Until 2012, most Internet users in Cuba had limited access via satellite.

According to the U.S. Department of State Bureau of Democracy, Human Rights, and Labor on Internet Freedom in 2007:

“The [Cuban] government controlled nearly all Internet access. Authorities reviewed and censored e‑mail and forbade any attachments. Authorities also blocked access to Web sites they considered objectionable. Citizens could access the Internet only through government‑approved institutions, except at Internet facilities provided by a few diplomatic offices. In August authorities shut down Internet access in four government-run Internet cafes, including one located in the Ministry of Communications. The only citizens granted direct Internet access were some government officials and certain government‑approved doctors, professors, and journalists. The government also further restricted Internet use in government offices, confining most officials to Web pages related to their work. Foreigners, but not citizens, were allowed to buy Internet access cards from the national telecommunications provider and to use hotel business centers where Internet access cost $10 (240 pesos) an hour. The government stated that 8 percent of the population had Internet access, but independent studies concluded that only 2 percent of the population had access to the Internet.

A 2004 law stipulates that all public Internet centers must register with the government, and that all such centers may be the object of control and supervision, without prior warning, by the Agency of Ministry for Information Technology and Communications. While the law does not provide for any specific punishments for Internet use, it is illegal to own a satellite dish that would provide uncensored Internet access.”

According to the United States Congressional Research Service in 2009, “On May 21, 2008, the Senate passed S.Res. 573 (Martinez) by unanimous consent, which recognized Cuba Solidarity Day and the struggle of the Cuban people. On the same day, President Bush called for the Cuban government to take steps to improve life for the Cuban people, including opening up access to the Internet. He also announced that the United States would change U.S. regulations to allow Americans to send mobile phones to family members in Cuba.”

Prior to June 2013, Internet was only available at select state institutions and 200 hotels. The Cuban government then began offering access to the Internet at 118 outlets including a small number of cybercafés. According to Agencia EFE, “On June 14, 118 new Internet establishments were opened in the country where, through the national portal Nauta, permanent or temporary accounts were made available for e-mail access, online navigating and other services.”

As of April 2015, three million Cubans use mobile phones, a figure expected to grow by 800,000 a year. The state-owned monopoly Empresa de Telecomunicaciones de Cuba (ETECSA) has over 600 base stations across the island, up from 350 in 2010.

ETECSA will host the Internet Addresses Registry for Latin America and the Caribbean (LACNIC) meeting from May 2 to 6, 2016. ETECSA, and thus the Cuban government, clearly has ultimate authority of this region.

Desoft is the largest software developer in Cuba and based in La Habana, Cuba. Desoft’s CEO, since November 2014, is Luis Guillermo Fernandez Perez. Desoft’s website describes a product called “RCTel” that is a “Solution for recording and monitoring of telephone calls and their associated costs.” ETECSA is listed as one of their primary customers.

Prior to Desoft, Perez was the CEO of Cuba’s Softel from January 2004 through October 2014. Softel, according to LinkedIn, “Provides software solutions, analytics and consultancy for the telecommunication business.” Softel is “currently developing Softel Monitoring and Management Framework,” and their best selling product is “CMTS Monitoring System,” “capable of large scale (up to few millions easy scalable) docsis 2&3 cable modem customers monitoring. Some analytics and prediction algorythms in the area.”

According to Dyn Research, “Almost all of Cuba’s international Internet traffichas been passing through the United States for as long the Internet has existed in Cuba. For example, the satellite ground stations for the satellite service they currently use are on the East Coast of the United States.” “The Telefonica and Tata service across the ALBA-1 cable eventually makes its way to Miami to reach the global Internet. For technical reasons and not necessarily political, it is very hard to avoid the gravitational pull of the United States when routing international Internet traffic in the western hemisphere.”

United States infrastructure

IDT Corporation, based out of New Jersey, U.S. and in cooperation with ETECSA, is the “only U.S. carrier to have a direct interconnection into Cuba.

SMS Cuba, a telecom startup in Florida, U.S., is a two-way provider of SMS to those wishing to send mobile texts to and from Cubans. The service is not in direct communication with Cuba and must pass through multiple other nation states meaning there are even more connection points subject to carrier surveillance. SMS Cuba advertises directly to Cubans about how cost effective it is. Further, SMS Cuba’s registration web site does not employ transport security (HTTPS), meaning the US government (at minimum) gets to record the personal information of who signs up for the service.

While writing this article, I sent an email to the founder of SMS Cuba with some questions about their infrastructure. They declined to answer any of my questions, which were mostly technical in nature.

Sprint provides voice and SMS service to Cuba, a known NSA partner, even though it is the only major carrier to push back in court.

Products

According to Gigaom, “U.S. companies banned from selling or exporting everything from smartphones, servers and networking gear will be free to bring their hardware and software into the country.” Similairy, from the White House, “The commercial export of certain items that will contribute to the ability of the Cuban people to communicate with people in the United States and the rest of the world will be authorized. This will include the commercial sale of certain consumer communications devices, related software, applications, hardware, and services, and items for the establishment and update of communications-related systems.” “Telecommunications providers will be allowed to establish the necessary mechanisms, including infrastructure, in Cuba to provide commercial telecommunications and internet services, which will improve telecommunications between the United States and Cuba.”

We Created the Very Threat We Claim to be Fighting

the United States, through its policies, created the very threat that it claims to be fighting now, and in continuing this policy, what President Obama is doing is embracing the very lies that made the Cheney-Bush Iraq War possible. And in the process, he’s creating yet another generation of people in the Islamic world who are going to grow up in a society where they believe that their religion is being targeted, where they believe that the United States is a gratuitous enemy.

As stated by Jeremy Scahill on Democracy Now!

Some awesome documentaries

My ex boyfriend really enjoyed watching documentaries (and he even got me to pronounce the word correctly!) so I’m going to start a new “documentary” section for my blog, so maybe I’ll spend more time watching them and sharing them here. A good place I’ve found to look for some good ones: https://www.reddit.com/r/Documentaries/

Me watching the North Korean documentary
Me watching the North Korean documentary

 

 

 

The very thought provoking things I’ve watched lately:

Vandana Shiva: Food, Ethics, and Sustainability

(start on 24:50. from here: http://www.yesmagazine.org/about/vandana-shiva-speaks-at-seattle-town-hall)

This Is What Democracy Looks Like (Seattle 1999 WTO)

All Wars Are Bankers’ Wars

North Korea Exposes the Western Propaganda

A local initiative for the people’s right to privacy

“Gentlemen do not read each other’s mail.”

This was said by Henry L. Stimson in 1929 in support of the US State Department’s defunding of the Black Chamber program that was used to decipher foreign ambassador communications. At that time, Stinson was the Secretary of State under President William Howard Taft. Stinson’s opinion, however, is said to have changed while he served as the Secretary of War under President Herbert Hoover and President Franklin D. Roosevelt, in which the United States government relied heavily on the enemy’s decrypted communications during wartime.

Mass surveillance is a crime against people, not just the American people. The people did not ask for it, not even the special interests behind the development of the Patriot Act. Secret mass surveillance and secret laws are instituted and accepted by people in power, to gain and maintain power, which are acts that are illegitimate of a developing democracy. They are illegitimate acts of a country that developed the Internet.

Civilly speaking, cryptographically encrypting information before transmission is the same as licking and sealing a letter before mailing it. It is the same as closing a clear glass door on a telephone booth before having a private conversation. It is the same as putting on clothes to protect things expected to remain private.

I expect that only entities that privately sign digital certificates that create the foundation for private chats, private socializing, and secure transactions on the internet can decrypt my information. It should be illegal for entities beyond the original signer of public key infrastructure certificates to have a copy of the private key in such a way that allows said entity to view or record the decrypted content that is expected to remain private between two specific parties. It should also be illegal for any entity to attempt to break or subvert encryption mechanisms on common-carrier infrastructure as long as that data is being transmitted or being stored on American soil, no matter the nationality of the person transmitting their encrypted internet content. It is time for the United States to learn from its mistakes and emerge as a civil liberties leader.

What I would like to do is identify other leaders throughout the United States that want to pass a shared city law that makes illegal the above acts. We should all vote for and approve these laws in tandem to reduce the risk of federal or state legal threats. Cities need to come together to protect local internet infrastructure.

Governance representatives are failing to protect the nature of our constitutional protections in law and debate.  They are failing to understand the importance of the Internet. Federal representatives are literally working backwards at times, with the Patriot Act, CISPA, PIPA, and the TPP as perfect examples. It is time to work from the ground up and enact local laws that affect local internet infrastructure.

We cannot let special interest groups, that bribe our representatives, write our laws for us. The interest of the people needs to be voiced through local law. Let us tell state and federal government that it is not okay to subvert public law with secret law, and that mass surveillance cannot be tolerated, period. Law enforcement has worked, successfully, for hundreds of years without mass surveillance. The city laws that I am proposing do not inhibit the normal procedure of law enforcement to acquire a warrant, through justified evidence, to obtain private information about specific individuals to prevent or punish crime.

In addition to hosting DNS root servers and the Seattle Internet Exchange, the Westin datacenter connects us to billions of un-Americans on the other side of the Pacific Ocean. Many other cities throughout the United States host similar infrastructure. These communication points are ideal for the placement of unethical surveillance equipment, and we must make this act illegal in our cities. Let us put pressure on our state by protecting local resources, the technology that ensures the security of our online communications, and the integrity of our local businesses.

From https://www.aclu.org/sites/default/files/assets/lavabit_brief_of_us.pdf, it is clear that sometimes our founding legal frameworks are not explicit.

THE FOURTH AMENDMENT DOES NOT PROHIBIT OBTAINING ENCRYPTION KEYS FOR THE PURPOSE OF DECRYPTING COMMUNICATIONS THAT THE GOVERNMENT IS LAWFULLY AUTHORIZED TO COLLECT

Let us build our own laws for our expectations of privacy. For example, as described in the book, Toward an Information Bill of Rights & Responsibilities (http://yawnbox.com/?p=283):

Preamble

Information privacy is the claim of individuals to determine what information about them is disclosed to others and encompasses the collection, maintenance, and use of identifiable information. Privacy is an important value in a democratic society. For individuals, it enhances their sense of autonomy and dignity by permitting them to influence what others know about them. For associations, privacy enhances the ability of individuals to function collectively by permitting the association to keep deliberations and membership and other activities confidential. For society, privacy fosters individual and associational contributions to society, promotes diversity, and limits undesirable conduct and abuse of authority by government and other institutions.

Privacy is not an absolute right. It must be balanced with competing values and interests, including First Amendment rights, law enforcement interests, and business or economic interests in information. The following Code of Information Rights and Responsibilities attempts to strike an appropriate balance between privacy and competing interests, in an environment shaped be technological breakthroughs in the ability of organizations to collect and disseminate personal information.

A number of characteristics of the new information environment make it imperative to adopt a Code of Information Rights and Responsibilities. These include:

  • Technological enhancements in the ability to capture, store, aggregate, exchange, and synthesize large quantities of information about individuals, their transactions, and their behavior;
  • Proliferation of powerful computing capacity to the desktop;
  • Creation of worldwide networks through which information about individuals can easily, cheaply, and quickly flow;
  • Increasing use of target marketing, modeling, and profiling;
  • New technological abilities that permit individuals to access personal data maintained by others;
  • Decreasing cost of computing technology used to manipulate data;
  • New social and cultural values and developments regarding personal information.

Two general principles apply to all of the provisions of the Code of Information Rights and Responsibilities. First, an individual is entitled to greater protection and due process when information is used to make determinations about his or her rights, benefits or opportunities. Second, the protection of privacy must be interpreted consistently with First Amendment principles. Resolving the inherent tensions between the values of privacy and the First Amendment must take place on a case-by-case basis.

The scope of the Code of Information Rights and Responsibilities is limited to individual and associational privacy as defined above, and does not cover government and corporate interests in secrecy. It addresses how activities of information keepers and processors involving the collection, maintenance, and use of personal information should be evaluated when privacy interests overlap or conflict with other interests, values, or significant community needs.

First Principles

A. Collection
There should be limits on the ability of information keepers and processors to collect personal information. Information should only be collected when relevant, necessary, and socially acceptable.

A-1.
Information should be collected directly from the individual whenever possible.

A-2.
When not collecting information directly from the individual, notice, access, correction, and other rights should be provided if the information is used to determine rights, benefits, and opportunities.

B. Notice/Transparency
Individuals providing information to an information keeper and processor have the right to receive, at the time that information is provided, a notice of information practices describing how the information will be used, maintained, and disclosed. Information keepers and processors must provide a copy of notice of information practices upon request. There should be no secret systems containing personal information. Individuals have a responsibility to make informed choices about how information about them is to be used.

C. Access and Correction
Individuals have the right to see and have a copy of any information about themselves maintained by others, consistent with the First Amendment and with other important public and private policy interests. Individuals have the right to seek correction of information that is in error. When a correction is made, the individual may require that copies of the corrected information be provided to all previous recipients. Where this is a disagreement about the accuracy of information, the individual may include along with the disputed information a statement of disagreement.

D. Use
Information may only be used for a purpose that is identified and described at the time that the information is collected. Other uses may be permitted only if they are not inconsistent with the original understanding.

E. Disclosure
Disclosures other than those described at the time of collection may be made to third parties only with the consent of the individual or where required by law. Explicit consent by the data subject shall be required for personal information of the highest sensitivity and may be implied for less sensitive personal information. (Whether consent must be express [opt-in] or may be implied [opt-out] is an open question.)

F. Accuracy
Information keepers and processors must take appropriate steps to assure the accuracy, completeness, timeliness, and security of the information. Information keepers and processors must devote adequate resources to these functions.

G. Enforcement
Rules about the collection, maintenance, use, and disclosure of information should be enforced through suitable mechanisms, such as administrative processes, professional standards, civil actions, criminal penalties, government or private ombudsmen, and other means.

H. Oversight
There is a need for an independent federal entity to conduct privacy oversight and policy-making activities.

  • Information keepers and processors and others should be encouraged to explore technical means to protect privacy.
  • There should be an exploration of other means to promote self-determination in the use of personal information, including proprietary rights and dual control mechanisms.
  • The creation of information trustees who maintain personal data on behalf of diverse information keepers and processors should be considered.
  • There is a need to explore the rights and responsibilities of individuals and information keepers and processors when changes in the use and disclosure of information are developed after the time of collection.

Together we must begin drafting a law that can be shared by the people, city governance, and our local businesses. Together we must approve these measures and begin putting a stop to mass surveillance on any and all people, not just Americans, while also demonstrating our right to privacy.

Spearheading a Wikisource repository for political speeches

How did President Obama think about a politically-sensitive topic that concerns you a year before his presidency? How about 5 years before his presidency? 10 years? How far back in his public service does his opinion matter?

Politicians talk a lot. Everyday. Their public speeches should showcase their absolute and relative opinions about how they think Government should affect you. Where can you go to see what they said? How compassionate were they about the issues that matter to you? Did they lie? Did their opinion change? Why did it change? We can’t even begin to answer these questions unless we document them.

This project aims to have citizens use their cell phone’s video recorder to document the speeches of local, state, and national representatives. These videos will be uploaded to Wikisource.org, openly licensed using the Creative Commons, and transcribed so that search engines can index these important words.

The goals of phase one:

  • Develop a standard Wikipedia-modeled framework for properly documenting public political speeches
  • Spread the word to everyone so people know to record their representative’s public speeches
  • Spread the word to netizens who wish to transcribe and verify the transcriptions
  • Spread the word to journalists and researchers to constructively use this data
  • Wiki 1,000 political speeches within a one-year time span

Example: Remarks by the President on Osama bin Laden

 

Low-quality, high-entropy information incites war

This article is practice for my ongoing and developing theory of fundamental information classification. I do this for fun.

From the SANS NewsBites Vol. 14 Num. 76 email:

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has issued a warning to US financial institutions to be alert for cyberattacks following outages on the public websites of Bank of America and JP Morgan Chase. There are reports that several banks are being targeted by distributed denial-of-service (DDoS) attacks, but the others have not been named. The warning from the FS-ISAC comes just two days after the FBI issued a fraud alert warning that cyber criminals may be launching attacks as a distraction from attempts to conduct fraudulent wire transfers. National security officials in the US now believe that Iran is behind the attacks on the bank sites, and they may have been launched in retaliation for US sanctions on Iranian banks.

Source-provided link: Officials see Iran, not outrage over film, behind cyber attacks on US banks

The primary information of this specific article includes: “Iran” “attacks”, and “US”. Information classification has been discussed here: http://yawnbox.com/736. Information entropy has been discussed here: http://yawnbox.com/385.

All possible facts aside…

A group of purported hackers in the Middle East has claimed credit for problems at the websites of both banks, citing the online video mocking the founder of Islam. One security source called that statement “a cover” for the Iranian government’s operations.

A “…source…” existing at all is primary-derivative information, because the primary information would exist without the support of this derivative information — in other words, the information network(s) that this article is, is bettered by the inclusion of this derivative information.

All in-network information (having to do with the primary information) should start out with a “primary-” indicator. All in-sub-network information, or, information concerning supportive information (secondary, meta, operational, or derivative) should start out with a “primary-[secondary,etc]-” indicator. Dependencies should always be explicit when identifying information classifications and information network definition.

“One [ ] source…” is low-quality primary-derivative-operational information. It is “operational” because of the defined rule of there being one and only one source, from which the primary information is presumed to be based, creating a low-quality primary-derivative information dependency. The stakes on this dependency is high and the explicit nature of one-and-only-one, lacking diversity or specificity, can only get lower one more time (zero sources). Information entropy = high.

One “…security…” source is low-quality primarty-derivative-operational-meta information. It is “meta” (purely: an indication about the nature of non-meta information and not definitive enough to be operational or derivative, yet attempts to be operational) information in an attempt to support the “…source…” operational information, being that “security” has multiple (non-related) definitions that are dependent on third-party and/or non-communicated ideas. Information entropy = high.

Observational note: the inclusion of “…security…” to describe the “…source…” can go both ways in terms of supporting information or disinformation. It may be that fourth-tier information (primary=1st, -derivative= 2nd, -operational=3rd, -meta=4th) will always have this “either-or” effect. Or, perhaps, because it is dependent “meta” information.

“One security source called that statement “a cover”…” is low-quality primary-derivative-operational-derivative information. It is “derivative” information, in support of the operational information provided by the “source” (priamry-derivative) information. Due to the dependency on the upper-tier information (derivative and derivative-operational) and the stark “take my word for it (by an unknown actor)” play, information entropy = very high.

The attack is described by one source, a former U.S. official familiar with the attacks, as being “significant and ongoing” and looking to cause “functional and significant damage.” Also, one source suggested the attacks were in response to U.S. sanctions on Iranian banks.

“…[B]y one source…” is low-quality, primary-derivative-operational (see above) and primary-derivative-operational-derivative information. The additional, fourth-tier information classification (-derivative) is evident due to the fact that the language used distinguishes this source from the former source in the article. It is not “meta” information due to the fact that it is supportive in understanding the article’s supportive presumed-information. This additional information classification is further supported by the (still low-quality) primary-derivative-operational-operational information, or, the operational information that specifies that this source is “…a former U.S. official…”. Information entropy = high.

Observational note: Information can and likely always has multiple classifications.

“…[F]amiliar with the attacks…” is low-quality primary-derivative-operational-meta information. It is “meta” to the “…one source…” because it attempts to describe how well the source should understand the nature of the primary information of this article. It is implicit information, meaning that it is lacking any supportive information, yet is being used as supportive information for dependent upper-tier information.

Observational note: “implicit information” needs further definition. Perhaps it is simply high-entropy information, which requires an explanation, or it simply represents the nature of “meta” information.

“Also, one source suggested…” is low-quality and follows the same logic outlined above. This appears to be a third, unknown source. Information entropy = high.

The former head of cyber-security for the White House testified Thursday that “we were waiting for something like this from Iran.

“We” is low-quality primary-derivative-operational-meta information. It is “meta” because “we” (more than one, including s/he) is not supported by any explicit information–the sentence implicitly suggests close ties with the White House. It is attempting to support the third-tier operational information, or, the act of said group (second-tier derivative) expecting (third-tier operational) an attack “like” this. There is a disconnect here. At first glance, “we” reads as if explicit derivative (fourth-tier) information. It is very easy for me to read this sentence and presume that “we” is explicit given the implicit context of the quote. This portion of the article could be substantially bettered by the addition of derivative (fourth-tier) information. Information entropy: very high.

“…[L]ike…” is a huge red flag. This is low-quality primary-derivative-operational-meta information. Qualitatively, there are so many things that an “attack” can be like. US intelligence for government requires specificity. Information entropy = very high.

Retrospectively, all primary information networks that have dependencies on these  primary-derivative pieces of information have high to very-high entropy, meaning, the likelihood of misleading and/or disleading information is high to very high.

Information that is intended to conform an informee to an idea(s) can be dangerous. In the United States, citizens are often[1] exposed to information that compels an informee to generate information networks (knowledge) that align with the possibility of war between the US and Iran.

[1] http://www.aljazeera.com/programmes/listeningpost/2012/02/20122258252674477.html

This analysis of this single source is still dependent upon the likely existence of “secondary” information (the absence of primary information) and/or the likely existence of supportive (meta, operational, or derivative) information or misinformation.

UPDATE 2012-SEP-23

Some support my findings:

“Iran has not hacked the US banks,” Head of Iran’s Civil Defense Organization Gholam Reza Jalali told FNA on Sunday.

Source: http://english.farsnews.com/newstext.php?nn=9106241736

UPDATE 2012-OCT-03

Some more support my findings:

…none of the five experts interviewed for this article had any evidence to support claims the attacks were sponsored or carried out by Iran…

Source: http://arstechnica.com/security/2012/10/ddos-attacks-against-major-us-banks-no-stuxnet/

Citation needed

When people say that something is information, they probably really mean that it is presumed-information, very much like the notion of being presumed innocent until proven guilty.

https://xkcd.com/285/

In one of my most favorite blog posts ever, for satisfying the feeling of both accomplishment (subtle pleasures) and development, I disused a process for identifying disinformation surrounding the primary information in a news article. The focus, and the reason why I wanted to ‘out’ the disinformation, was the headline.

I only went so far as deconstructing the articles headline for two reasons; first, I am still developing my ideas and wanted to start with something small. Second, compared to how much time it takes for me to consume a normal news article, consuming it in this fashion takes considerably more time. I hope to eventually streamline some of these processes with the help of computer software, but first I need to practice and better understand this stuff.

Processing an entire article, and not just processing a headline and specific parts of an article, will take much longer. I have not committed enough time to try it, yet. But every so often, while reading an interesting article, I spot some presumed-information that is obviously needing support.

For instance, this article from Foreignpolicy.com titled, “All the Pentagon’s Lawyers”, contains a sentence that is screaming vagueness.

The United States was instrumental in the creation of the United Nations and the various international human rights treaties and institutions.

I could not help but think about the above XKCD comic after reading it.

The quote by Rosa Brooks, however much support the author (information producer) may think it provides, initiated a slippery slope condition for me (the information consumer), so much so that I was no longer thinking about the story of the article but instead how ill-used this specific byte of information is.

Aside, however stark this specific byte of information is, every sentence consumed should have its own probability-of-informativeness.

This is not to say that the sentence in question is not informative–it has highlighted an issue, obviously important to the information producer, that has been presumed by the information producer to be important, and relevant, to the primary information of the article.

So, what is this sentence, in the scope of inferred information classification, as stand-alone information? This is mostly a mental exercise, but critical for breaking information down for identifying entropy or misinformation. This is not exhaustive:

– Primary: the United States as a stakeholder
– Primary: the United Nations as a stakeholder
– Primary-meta: the notion of international human rights
– Primary-operational: the notion of creating treaties and institutions

What is clearly lacking here, as stand-alone information, is derivative information. To me, “The United States was instrumental [how]…” is where this could have easily been expanded, and ideally, in relation to the rest of the article.

What is the inferred information classification of the article? It seems that there are four ways of figuring this out:

1. Read the article-title
2. Read the article and describe it in a sentence or two
3. Visually depict the article by word-count
4. Visually depict the article by information-network

#1 is easiest, but only to obtain a general (and likely memorable) idea. #2 is easy, but describing it as if inputting its content into a Wikipedia article takes a bit of work. Especially for me since I have a reading-comprehension learning disability. It takes longer than most for me to synthesize written text, and is probably why I am so keen to break information down in this manner. #2 also has the strength of showing the articles retrospective subjectivity according to the information consumer.

There is a tool to make #3 in a snap: Wordle.net. However unfortunately, doing so severely lacks specificity:

#4 is where I hope to take this research, as I am unaware of any tool to help do this in any useful way. To accomplish this would be very complex, which mirrors the nature of information, let alone the nature of sharing information. Information should be understood according to the scope of the story provided (the shared network of information), but also in the larger context of an information network, where these bits and bytes link with the other bits and bytes of other available information by other information producers.

Back to the sentence in question, it is clearly derivative. Concerning the scope of the article, without following up in such a manner that would require me to do my own research, it does appear to be valid in use, and therefore is likely primary-derivative in nature. Hence the slippery slope–the information byte is derivative, but so much so that it is lacking its own derivative support to appear sound. There is so much entropy between this byte of primary-derivative information and the scope of this article that it, at first, appeared to be misinformation. Using information like this should be discouraged.

Rosa Brooks, the author, probably knew that including this byte of information was a stretch because of her use of parenthesis (yet being its own sentence). This might only be a sign laziness, but I certainly cannot claim to remember to replicate 100% of my knowledge into information for others when writing. It is very interesting to see the diversity of branches and leaves in an intelligently created network of semantic information.