Is a software apocalypse coming?:
Our world is increasingly reliant on software, in fact, it's been said that "software is eating the world"
An ever increasing number of systems that were controlled by human beings, or mechanically controlled are now controlled by software
These older systems had a known and observable number of states that could be easily understood and tested exhaustively
Software is becoming increasingly complex and increasingly interconnected
"When we had electromechanical systems, we used to be able to test them exhaustively" said Nancy Leveson, a professor at MIT who has been studying software safety for decades
For six hours in 2010, the entire state of Washington had no 911 service due to a software bug
In the summer of 2015 United Airlines entire fleet was grounded due to a bug
On the same day, trading was halted on the NYSE
Six patients were killed by a Therac-25 radiation therapy machine due to a software flaw
Software failures tend to be failures of understanding and planning
Leveson says "The complexity is invisible to the eye"
Software enables us to make the most complex machines that have ever existed, and all that complexity is buried in millions of lines of code
"The programmer has to be able to think in terms of conceptual hierarchies that are much deeper than a single mind ever needed to face before" - Edsger Dijkstra
In 2007, a Toyota Camry accelrated out of control which lead to the death of a passenger and a lawsuit
Experts spent 18 months analyzing the code that controlled the car. They described it as "spaghetti code", programmer speak for code that has become complex, convoluted and difficult to understand and maintain
The team of experts demonstrated that there were more than 10,000,000 ways for the onboard computer to cause the unintended acceleration
The code that was supposed to prevent such a thing couldn't handle every possibility and failed. The plaintiff was awarded $3,000,000
Programmers and scientists are working on tools and techniques to reduce complexity and increasing visibility and testability
What "anonymous" location data reveals:
The Snowden NSA revelations exposed the extent of the government’s smartphone location tracking records
The Washington Post reported in 2013 that the NSA is gathering 5 billion records per day on people’s cell-phone locations
Sen. Dianne Feinstein (D-CA) remarked that collecting metadata is "not surveillance."
Both Feinstein and the NSA have maintained there is no harm in the government collecting this information because it’s "anonymous"
Advertisers and tech titans suck up our location information through our apps
Recent studies by MIT and Stanford have demonstrated that this is patently false
The MIT study found that four bits of metadata can be used to identify nearly 95% of people
MIT researchers reviewed 3 months of credit card transactions and records of 1.1 million people who shopped at 10,000 locations
They discovered that even without price information, two data points were enough to determine identities of more than 40% of the people. 5 data points and price information got them to near 100% identification
A recent Stanford study also illustrates how trivially easy it is to de-anonymize information
Two Stanford computer science graduate students acquired detailed information about people's lives using telephone metadata from 546 volunteers using the MetaPhone app they created. It collects call logs and social media information
The students, Jonathan Mayer and Patrick Mutchler, remarked "Phone metadata is inherently revealing" on the Stanford Law School blog
Using phone records containing 33,688 unique numbers, they matched those against Yelp and Google Places to see who was called. 18% were matched to a specific identity
Mayer and Mutchler say their research illustrates metadata from phone calls can yield a wealth of detail about family, political, professional, religious and sexual associations
Mayer said “Phone metadata is unambiguously sensitive, even over a small sample and short time window. We were able to infer medical conditions, firearm ownership and more, using solely phone metadata”
"Companies often claim to have 'anonymized' your location history by taking your name off it,” said Peter Eckersley, chief computer scientist of the Electronic Frontier Foundation (EFF)
"But that is totally inadequate because you’re probably the only person who lives in your house and who works in your office, and it’s easy for any researcher or data scientist to look at a location trace and figure out who it belonged to" - Eckersley
Gilad Lotan, vice president of BuzzFeed’s data science team analyzed a month’s worth of two different users’ anonymized location data and was able to demonstrate that people are easily identifiable
Two "anonymous" users downloaded their data from Google Maps Timeline and it was deliverer to Lotan for analysis
The two users in question had their Android phones set collect location data continously
Lotan was able to identify both people correctly in a few hours
Learn more information here:http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/
Your phone is most likely tracking everywhere they go with extensive detail including location and time
Many apps tell you they are collecting location information, some don't and some do it even if you have denied access such as Accuweather
The location data is very detailed, it includes latitude and longitude within a few feet or meters
Since most people keep their phone turned on and with them at all times, a very detailed and easily accessible log is being kept
iOS (Apple):
Apple says “Your iPhone will keep track of places you have recently been, as well as how often and when you visited them, in order to learn places that are significant to you. This data is kept solely on your device and won't be sent to Apple without your consent. It will be used to provide you with personalized services, such as predictive traffic routing.
You automatically consent when you allow Apple to “use your frequent locations” to improve your maps feature.
To find your locations, follow these steps
Select on “Settings”
Choose “Privacy”
Choose “Location Services”
Choose “System Services”
Choose “Frequent Locations”
Select each city and location to view the places you’ve been
To disable it:
Select Settings
Choose Privacy
Choose Location Services
Choose System Services Choose Frequent Locations.
Turn it off
Android (Google):
Has a similar capability. If you use an Android phone, you can view your location history athttps://maps.google.com/locationhistory
You can delete all of the stored history at that link
Google says “Google Location History lets Google save your location to provide benefits like improved map searches and tailored commute information.”
Google’s location services have two parts, Location Reporting and Location History
Location Reporting makes your location available to apps and services such as navigation and your camera. If you disable this feature it will impact the usability of the phone.
Location History logs where you’ve been
To disable Location History:
Go to Settings
Select “Location”
Select “Google Location reporting”
Select “Location History”
Slide the slider to “Off”
Optionally, you can click “Delete Location History” to clear the logged data
Your "smart" device may rat you out:
The use of smart devices continues to rise
An estimated 8.4 billion devices were connected to the Internet in 2017, a 30% increase over 2016!
Gartner predicts roughly 3 smart devices for each person on earth by 2020
Any number of devices such are becoming "smart", containing sensors and supporting Internet connectivity
These devices are collecting increasingly large amounts of data about us
Police and attorneys are turning to these devices to collect evidence. For example:
Prosecutors sought recordings from a suspect's Amazon Echo in 2015
Police in Lancaster County, PA used Fitbit data to determine that a 43 -year-old woman who filed a report about being attacked in her home was lying
She claimed she was sexually assaulted by a man who entered her home at midnight
Officers said they found overturned furniture inside the home as well as a knife and bottle of vodka
The woman told police she was sleeping when the attack occurred. She described the assailant as in his 30s and wearing boots
Officers found no boot prints in the snow outside the house. Additionally, they reviewed the woman's Fitbit data and it revealed that she had been "awake and walking" the time of the alleged attack
Investigators determined that the attack was unfounded based on the evidence available from the Fitbit and the lack of boot prints. She was charged with three misdemeanor counts for prompting the emergency response and manhunt
The woman and her attorney recently waived a preliminary hearing on the charges
This is not the first case where activity tracker data has been used to in criminal and civil cases
A law firm in Calgary has taken the first known personal injury case to use activity data from a Fitbit to illustrate how an accident impacted their client
As more devices get “smart”, the data they collect will increasingly be used in criminal and civil cases
In another case, police found Richard Dabate beaten and tied to a chair in his home, his wife was dead. He claimed the perpetrator was still in the home
When the perp was not found and police investigated, they were able to piece the details together from the wife's FitBit, the home's alarm system, Facebook, cellphones, email and a key fob
He was charged with her murder and has plead not guilty
In another case, a Middletown Ohio man's home was destroyed in a fire which caused roughly $400,000 in damages
Law enforcement officials became suspicious after details of Ross Compton's escape from the fire emerged
Compton has an artificial heart linked to an external pump. A cardiologist said that "it is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions."
Police obtained a search warrant to collect the pacemaker's electronic records which were used to review heart activity prior to and during the incident
Experts determined that Compton's story did not align with his heart activity at the time
Compton has since been charged with arson and fraud
Middletown police said this is the first time data from an embedded medical device has been used to charge someone
"We are entering an era of 'sensorsurveillance'" - Andrew Ferguson, University of DC law professor
Virginia State Police Special Agent Robert Brown III said the current trickle of such smart-device cases will likely become a flood. "It will definitely be something in five or 10 years, in every case, we will look to see if this information is available" - Robert Brown
This raises questions concerning the Fifth Amendment which protects individuals from self-incrimination, but was not written with these devices in mind
Courts have held that people who voluntarily disclose information to a third party have no reasonable expectation of privacy
Ferguson said the transfer of information from smart devices transfer data 3rd-party servers could make the invalidate the expectation of privacy
Privacy advocates are warning that many consumers are unaware of the information these devices are harvesting
They also point out that there are few laws that control how enforcement officials can use this data
Ferguson said "In a world of truly ubiquitous connectivity where we are recording our heartbeat, our steps, our location if all of that data is now available to law enforcement without a warrant, that is a big change"
"That's a big invasion of what most of us think our privacy should include" - Ferguson
Rest assured that this won't be the last time a device snitches on it's user