Category: Books

  • Book review: The Perfect Weapon

    The New York Times has journalists (often called reporters, correspondents or writers) devoted to dedicated, limited subjects/topics, such as White House correspondent, lead consumer technology reporter, or national security correspondent, like David E. Sanger. He happens to be a colleague of Nicole Perlroth, author of This is how they tell me the world ends, and this book is a kind of sibling. While she covers cybersecurity and digital espionage, he mainly covers national security, and one must read the book with that perspective.

    “The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb,” it says on the back cover, and Sanger dives into cyberweapons and their implications for national and international security. The American-Israeli Operation Olympic Games is the starting shot of cyberattacks on nation-states, about 15 years ago. Preparations for Operation Nitro Zeus, of which I knew nothing previously, were the second, although it was never deployed. In short, Nitro Zeus was supposed to entirely shut down Iran if the US needed to bomb the country in case of attacks on Israel, by infiltrating virtually everything digital in Iran.

    Sanger explains some of the cyber warfare infrastructure of the US, such as TAO (Tailored Access Operations) and US Cyber Command, as well as the immense offensive capabilities of the US. Then the infamous (and famous?) Russian hack of the Democratic National Committee is covered, unflattering as it is in his depiction of incompetence, laziness and inertness. Likewise depicted is the very serious hack of the Office of Personnel Management, when China took personal data on approximately 21.5 million American citizens (an astounding amount of personal data on people with security clearance) and 5.6 million fingerprints of important personnel in the US.

    Barack Obama managed to accomplish a kind of truce with Xi Jinping after attacks, which lasted until the Trump administration chose trade war with China. In his now famous annual address on New Year’s Eve for 2018, Xi Jinping had two books on artificial intelligence on display, carefully chosen as symbols of the ambitions and interests of the Communist party in the coming years. Some believe the data stolen from the US is a way to train AI, mapping both people and country.

    What the US taught its adversaries through cyberattacks and cyber espionage was how imperative this capability is, at a low cost to boot. North Korea was not a power to be reckoned with before American meddling, but now it is, just like Iran. Instead of limiting attacks and espionage to state organizations, adversaries attack and/or spy on civilian (or soft) targets: municipalities, companies, large corporations, journalists, politicians, activists.

    Sanger also draws conclusions I have barely encountered before, however logical they are once read, stemming from his focus on national security. In the trove of data Edward Snowden collected and shared with a few chosen people was information on how the National Security Agency (NSA) installed their own equipment in companies’ products (like Cisco). This, not the ways NSA accessed the tech giants’ servers to spy on its own population, was the real important find. This damaged US national security and has had very serious implications in geopolitics. One aspect of this is the trade-technology-war between the US and China. Why would Americans let Chinese companies build infrastructure in the US when they knew exactly what they themselves would do, were they to build infrastructure in China? And why would the Chinese not attempt to build backdoors and make attempts to spy on the Americans at every turn, when it was proven the Americans did exactly this?

    Like Perlroth, Sanger concludes that the US mostly has itself to blame. It showed the world cyberweapons are useful. It amassed the most encompassing espionage apparatus ever, with amazing offensive capabilities. But it cannot defend itself. The US is wide open for most attackers.

    Since the release of the book, Joe Biden has become president and his administration has shown, from the beginning, a much more ambitious approach to cybersecurity than his predecessors. The administration is deeply engaged in cyber defense and security, making it a priority in the infrastructure bill (cyber is mentioned 319 times in the Infrastructure Investment and Jobs Act), participation in conferences and speeches. The lid is off.

    Seldom have I come across a book so outstanding and worthwhile, it’s absolutely teeming with information on cyberweapons and warfare. If you’re to choose one book to read on these topics, it’s The Perfect Weapon. Besides, how could I not like a book with chapter titles like From Russia, With Love and Pandora’s Inbox?

  • Book review: Twitter and tear gas

    Occasionally I acquire a book that simply gives me goosebumps and is a joy to read. I feel honored to even hold the book in my hands. Reluctantly I put the book away and the withdrawal symptoms come. An anxious sensation sets in, preventing me from reading the book too fast, because what then will I read?

    Zeynep Tufekci is the programmer turned sociologist, the associate professor studying technology’s impact on social movements, protests and surveillance capitalism. She’s also a contributing opinion writer for the New York Times, the Atlantic and other places, with an amazing sense for systematic thinking. In 2017 she published the book Twitter and Tear Gas – The Power and Fragility of Networked Protest. It’s a delight to read.

    She studies social movements, usually anti-authoritarian ones, and combines this with social media: how does social media impact movements, their organizations, their decision-making, their goals? Examples are given from Tahrir square in Cairo, Egypt, Gezi Park in Istanbul, Turkey, the Occupy movement and Black Lives Matter. As a sociologist she turns to social media and field studies, meaning she actually spends time with activists in the streets and public spaces.

    One advantage of networked protests using social media is the rapid ability to organize people. Movements can mobilize and organize as fast as the police. People who never organize or even utter a word in defiance can quickly mobilize, which is another advantage. One disadvantage for movements is that the algorithms governing social media are out of control, and can easily become a hindrance to LGBTQIA+ activists or other political activists who cannot be anonymous or are targeted with hatred and threats. Social media is a corporate-owned public sphere, flawed compared to the coffeehouses and tea-houses of old. No matter how much software developers at Google or Facebook sympathize with activists in, say, Turkey, the system they work for is manipulated and turned against the activists.

    Another part of the book delves into how regimes and governments strike back, by attempting to control the public (digital) sphere. Responses from the governments in Russia, Turkey, Egypt and China are presented. They can actively drown movements and activists in hatred, threats or misinformation. There’s also the risk of omnipresent surveillance of any political comment on social media.

    But social movements don’t necessarily fail, and when they fail, the faults may be their own or indirectly caused by social media and the (sloppy) use of the Internet. In comparison to the Civil rights movement, which Zeynep also covers, the new social movements tend to lack some very important aspects: organization, decision-making and goals. She gives the reader different detailed examples, which I will not delve into here, of how movements work for change. However, they often lack a clear set of achievable goals they can organize around and compromise about. Since they lack a clear decision-making structure, they are unable to discuss, vote and compromise. If a government actually is ready to negotiate, what is the movement going to negotiate about? And how are they to discuss the offers made by the government? Can they even measure how close or far away their goals are? If they are too far away, will people abandon the movement, and if they are too close, do they take “victory”/change for granted?

    All in all, this book is a pleasure to read. Zeynep presents theories, how algorithms work, how decision-making is made (or unmade), how movements begin and where they fall asunder, how governments respond and so much more. If you’re ever interested in networked protests, social movements and the Internet – this one is a must.


  • Book review: This is how they tell me the world ends

    What is a zero-day? You may have heard news involving zero-days or zero-day exploits without actually reading those words, or you may actually have read about zero-days, such as in the Pegasus Project and the NSO Group. Someone clicks on a link in a text or message and voilà! they’re hacked. The device is spied upon and/or controlled by someone else. Apparently, this someone doesn’t even need to click anymore. An unseen text or message is sent to your device and it’s no longer really yours anymore.

    Nicole Perlroth is an American journalist focused on cybersecurity and digital espionage who recently released her first book, This is how they tell me the world ends.

    A zero-day is an unknown (security) flaw in software, like an operating system or program. This flaw can be exploited by someone, most likely to hack into this operating system or program. Mostly she writes about the invisible market and marketplace for zero-days, “the blood diamonds” of the security trade coveted by actors: nation-states, companies, developers, criminal networks. There are terrifying aspects to these exploits, some of which I’ll never tell friends or family about, involving the development of really nasty spyware or weapons to sabotage elevators, cars, jet fighters, the electric grid, power plants, you name it. A well-planned attack can send a country back to the analogue age. A well-planned and well-executed attack can annihilate enough data to destroy the state itself.

    Perlroth’s way of writing is that of a thriller and she revels in it. I find it refreshing, though I think the reader needs to be aware of how she portrays the people she meets and talks to, and the details they reveal to her. There’s no protagonist to save us from impending, lurking doom. Instead Perlroth is present, almost like a character in this real-life thriller guiding us through how Ukraine has been attacked by (terrifying) NotPetya, the (fascinating) Project Gunman, (the amazing) Stuxnet – it’s all here, like classic novels. How China breached Google, the perpetual Russian intrusions and the Shadow Brokers stealing the arsenal of the National Security Agency (NSA) are also told. She traveled to Ukraine to witness repercussions of cyber warfare. She talked to former bosses at the NSA, American secretaries of defense, the Finnish president, companies attempting to create a proper market for zero-days (or the fixes of them), mercenary coders working for the United Arab Emirates, Argentinian hackers in Buenos Aires. She went to congregations with men selling zero-day exploits, encountering the fucking salmon – that which should not be brought into the light.

    What she finds is also an expanding interest in zero-days, the intelligence and security agencies’ desire to breach the cybersecurity of hostiles and friends, and nation-states willing to arm themselves with digital weapons. Details may be missing, words exaggerated, but I can accept them. Writing for laymen is difficult and overall it’s the sum of the parts that matters: the system, the sophistication, the evolution.

    Writing about tech can easily evolve into thrillers because of technical details, opaque and mystified to most people, and the thrill of spies and people lurking in shadows, forbidden spaces. I’m not one to read thrillers, but this thriller-like book I like. It’s long, intriguing, exciting, disturbing and in the shadows lurk horrible things that do happen and can happen. And if you happen to be interested in the zero-days market, there’s virtually no other book to read. So, go ahead.


  • A book that changed my life

    Most of us can relate to, and reminisce about, a moment in our life when we made an important choice, when we reached a subtle decision point. Not long ago I was on my way out of a bookstore when a book I had seen before, but disregarded, suddenly caught my attention: Deep Work by Cal Newport.

    In short, Newport argues that more and more people are losing their ability to focus on one single thing – deep work. Deep work is related to learning and doing an excellent job: being able to learn things very well and also performing them very well without being distracted. Part of his statement, if you want to call it that, is that people who know how to focus and deep work are the ones with higher status and salaries. They will, most likely, be more exempted from rapid changes in the marketplace/workforce and constant job insecurity. People who can deep work are able to work with machines, programs and will always be better at learning even more new things. They are versatile.

    He names different people who have learnt to focus intently on one task at a time, such as Carl Gustav Jung, Mark Twain, Bill Gates, J.K. Rowling and Theodore Roosevelt. My favorite is a man changing career to become a software developer. He chose to isolate himself for a while and studied only books on programming and later became one of the best students at a devcamp.

    Network services, such as texts, mails, instant messages, blogs, microblogs cause time to be fractured into tiny incoherent pieces. I mean, is sending mails really work? Are we paid to send and receive mails about virtually anything? Who in their right mind pays us to spend time on Facebook, unless it’s explicitly in my job description?

    Whenever I think of work today, I picture myself with my back to a mound or a hill. Right behind me is a small tunnel venturing into the hill. I’m able to see the end of it clearly, as well as people there. In front of me are green, billowing hills basking in wonderful sunshine with a clear blue sky as background. Behind me, through the tunnel, I can hear the noise, the hysterical conversations and shouts, the endless chatter, though if I just relax that all goes away.

    This is also how I describe my state of mind to people who ask me how I feel and what I do when there’s stress and pressure. I don’t imply I never feel lost or stuck in between chores, but it rarely happens and I can simply turn it off by taking a deep breath. But the difficulty is not I. Instead it’s everyone else stuck on the other side of the tunnel, the hill. The people who so dearly want to be heard, who scream out their importance, who spam me (and others) with mails, phone calls, messages of various kinds, who so desperately want a response, a reaction. I find it sad and somewhat shocking I was once there too, and my greatest issue is explaining this to people who actually are so plainly stuck, that I’m no longer one of them. I don’t long for their hysterical communication, their endless chatter, their constant flow of mails at work, mails with no relevance or coherence. It pains me people are unable to actually communicate properly, because they lack insight into their own problems.

    Newport doesn’t have a one-way ticket for everyone and he concentrates on people working in offices, in the service sector, with computers. Thus, it’s hard to read this book and apply most of it if you’re a nurse, a bus-driver or preschool teacher. He introduces several methods and techniques dependent on work, children, age and the like. I won’t go into more details, except for some basic rules:

    • Don’t work during evenings
    • Don’t work during weekends
    • Don’t work on holidays
    • Walk or jog a lot
    • Don’t spend much (or any) time on social media

    Basically, it’s one of the most useful books I’ve ever read. It’s rather short, easy to read and brimful of tips and tricks for creating better prerequisites for life, not just work. He gives you useful tips on how to actually convert your everyday work into an experience where you actually benefit more than you possibly thought possible.


  • Book review: Privacy is power

    “It’s not about something to hide, it’s about something to lose”. This quote by Edward Snowden sums up this book by Carissa Véliz, first released in 2020. Here, I will present some topics of the book for the interested. I should emphasize that this review concerns the 2020 edition.

    Carissa is an associate professor at the University of Oxford and has led an extensive research project on privacy, Data, privacy & the individual.

    Introduction of everyday life

    She takes us on a tour through everyday life with an array of technological devices and the related privacy issues: electronic door bells, cameras of various kinds and genetic tests. It’s nice to read something that’s actually relatable, in a setting of everyday life, starting in the morning and ending the same day. At times, though, it’s a bit far-fetched. All those devices and the lack of privacy are there to depict a bleak and likely future more than life today, because very few people encounter all of those devices every single day. We meet them all in one day as one person.

    Collective aspect of privacy

    By far, my favorite part of the entire book, and probably the most important one too. We’re not isolated people, but interconnected and interdependent. On my phone, there’s personal data on people I call, text, email and photograph. In the photos is location data and biometric data on people. In my calendar I reveal information on people I meet: when, where, why and how.

    Perhaps my neighbor’s phone contains photos of me, processed by apps I didn’t even know existed, now fed some of my biometric data. What are the apps, who owns those apps, which personal data do they share and disseminate and with which third parties? Where is my personal data actually stored and what actual purpose is behind the collection in the first place?

    Our urge to willingly share information about ourselves with people we know is a gate into sharing information with an unknown number of people. How many people read the privacy policy of a new app or service?

    Privacy is power

    Thus, one conclusion is that privacy is about power, because personal data is power. Collection of personal data is power, so abstaining from or avoiding being “harvested” is a key to keeping autonomy and the privacy of individuals (somewhat) intact.

    Companies, which is most often the case in the Western countries, collect lots of personal data on lots of people. Virtually no one can avoid or escape this massive collection. Holding personal data means power, because people can be “nudged” into doing things they aren’t even aware of. Tristan Harris’ famous article on “How Technology is Hijacking Your Mind” is a telling example, the Cambridge Analytica scandal another.

    Carissa shares a story of how someone she knows works as a programmer and was assigned the task of surveilling one single person for a period of time. His job is to follow and study this person, in order to understand what computer systems can do and the amount of personal data one is able to collect. It’s not been long since it was revealed how tech giants assigned staff to actually listen to people’s conversations through voice assistants.

    What happens if a state turns authoritarian, as happens in Poland and Hungary, from within the European Union itself? What happens when the state also uses the personal data companies have collected? Carissa tells us a moving story from World War II, which I will write about separately.

    The inevitable technological progress

    A very common trope of the debate in many countries is that technological progress is more or less absolute, inevitable. No matter what we say or do, technological progress cannot be stopped. It has become a religion of sorts, a belief rather than fact. Carissa names Google Glass as an example of hampered technological progress. After the reinvention of the smartphone and the smartwatch, the glasses would become the next inevitable device for the masses. After heavy criticism, much concerned with privacy, and outright bans, the Google Glass project was officially abandoned.

    Read it

    These are some of the topics Carissa covers in her book and I have briefly reviewed parts of the content. There’s plenty more and all I can do is urge you to read it.

    If you would like a good introduction on privacy, I recommend the episode Privacy by the podcast Constitutional. It’s set in the American context, but is a very good story of how privacy became a more complicated issue in the United States one hundred years ago and the importance of one man, Louis Brandeis.