Tarun Wadhwa

Beyond Sexting: We Should Celebrate Snapchat and Encourage Ephemeral Communication

2013-05-22T19:10:02-04:00

You would think that it would be a terrible idea for a company accused of helping teenagers send each other sexually explicit images to feature bikini-clad young girls in their marketing. Most would avoid such direct associations, for good reason -- it's immature, and edgy when it doesn't need to be. But not the makers of the enormously popular app, Snapchat, which allows people to send images and videos that "self-destruct" after a few seconds.

The company claims messages are deleted once they are opened, but there have been a series of recent scandals showing that this may not be completely accurate. Their product is far from perfect, and there are several ways to compromise the protection they offer. It is never a good idea to send something over the Internet that would damage you or your reputation if it became public. While this may be common sense, it has little to do with how we actually act online.

The makers of Snapchat are right to reject the "sexting app" label -- it's not clear that this is what it is even being used for, and everyone deserves the option to communicate privately when they want, without automatically being branded as a pervert.

Within a few months of launching, the company has made an enormous and lasting impact on the culture of communication on the Internet -- and we should all be grateful.

They have simplified a security process enough to the point that anybody can use it, while validating the market of the next generation of privacy-preserving ephemeral communication. Most importantly, we may finally get a break from the forced permanence of the Facebook and Google world, where everything you do and share is a data point to be monetized and re-sold to the highest bidder.

And Snapchat isn't even the best product out there -- there's a whole slew of communication tools that are more secure and functional making their way into the public eye.

One of those is Wickr, created by RSA veteran Nico Sell, a more serious security-focused app that uses "military-grade" encryption to send text, video, voice, and document files that can self-destruct after a given period of time. Hospitals and law enforcement have expressed interest in a similarly functioning Android app, Gryphn. Although it's not "self-destructing," keep an eye on the exciting and powerful suite of communication apps developed by encryption legend Phil Zimmermann's Silent Circlecompany -- they are not for "average" users, but they could provide enterprise and more serious clients a massive improvement in security.

What apps like these do is allow us a little bit more freedom to be ourselves, for better or worse.

In the copycat world of Silicon Valley startups and funding, expect to see a lot more "Snapchat for _____" type companies. Finally, the lack of app creativity may work in the favor of consumers. We have accepted the notion that what you do on the Internet is permanent -- a statement that is partially a truthful observation, and partially a threatening promise from the companies and entrepreneurs who are making it a reality -- but it doesn't have to be that way for everything.

Perhaps the greatest impact of this rising industry will be when the giants try to co-opt them -- like Facebook attempted with Poke. The issue of trust in these companies aside, it would be a winning situation for everyone for ephemeral features to be built into the services we already use. We need more human-behavior-friendly default settings.

Privacy is complicated, and nothing is ever completely secure. Nobody is immune from this, as Nicholas Weaver wrote in Wired, "even the head of the CIA can't email his mistress without being identified by the FBI." But in the billions of messages already sent through Snapchat are a few people who didn't have their lives ruined because of something they shouldn't have shared.

The media can continue to ridicule the "sexting app" that so many young people are using, but they are entirely missing the point. The same generation being blamed for the supposed "death of privacy" has become wiser than those who are criticizing them.

In a candid admission at the Milken Conference this year, former UK Prime Minister Tony Blair, when recalling his college days playing in a band, told the audience, "thank god social media didn't exist then, because if it did, I wouldn't be here." The Internet wasn't built with security in mind, and we're still dealing with the consequences of that. The next generations are going to be the ones who pay the true cost of the design decisions we make today.

This article originally appeared on Forbes - Disruption and Democracy

Eye-Tracking Technologies Are About to Make Advertising Even More Invasive

2013-05-09T14:12:35-04:00

Advertisers are infamous for their relentless pursuit to learn about even the most mundane details of your life in hopes of selling you something. But there is one thing that has always eluded them: your physical reaction to their efforts. Whether a billboard, banner, or mobile ad, advertisers have had to rely on other indicators to know whether they have been able to grab your attention.

Unfortunately, this may be coming to an end. Advances in eye tracking technologies will soon make it possible for the ads you look at to watch you right back. As the next generation of computing turns to the eyes, a whole new world of interaction and control is becoming possible -- along with entirely new methods of invasive data collection and tracking. The same technologies that will make playing Fruit Ninja with your eyes a reality will also allow advertisers to monitor and measure everything you look at. As UCLA Professor John Villasenor explained in his piece on the issue for Slate, "today, when we read something online, our thoughts are still our own. We should enjoy it while it lasts."

Once a set of technologies used for assisting the disabled, eye tracking is quickly moving from the lab to mainstream applications. In its most high profile, albeit gimmicky, release yet, the new Samsung Galaxy S4 comes with "Smart Scroll" and "Smart Pause," features that allow you to (somewhat) move the screen up and down and pause videos with the movement of your eyes. The reviews of the phone haven't been great -- but there seems to be a lot of interest in the features themselves.

Although advanced eye tracking is still years away from mainstream deployment, in the last year alone there have been some incredible advancements in usability and accuracy.

Later this year, Tobii will release a limited edition of "REX," a small USB-connected bar that will enable you to control your desktop with your eyes. PredictGaze has developed a technology that can be used on ordinary cameras, work in different types of lighting, and supposedly function at distances of up to 12 feet. It is capable of performing facial recognition on shoppers to gauge how they react to different products and to determine which demographic groups they belong to. In perhaps the most startling development, researchers have developed a product called Sideways that can also work on ordinary cameras -- except it doesn't need to calibrate to each user and can even measure multiple people at once. In one instance, "fourteen people of various heights, ages and eye colors, who interacted with it simply by looking at a series of CD covers on a screen" were tracked at the same time.

The technology still has a long way to go, and by itself, eye tracking data wouldn't be nearly useful enough for informing a serious business decision. But in practice, this information would be paired with other data sets. Retailers, for example, have recently started to embrace methods more traditionally synonymous with surveillance. Traditional loyalty card programs have now entered the age of big data, and some malls are even using your cell phone location data to attempt to determine what products you are looking at. In the cutthroat world of retail, success or failure can determined by knowing more about what your customer wants than your competition.

Jay Stanley, ACLU Senior Policy Analyst, points out that there has already been extensive research into what we can learn about people from tracking where they look, and the results are worrisome. To varying degrees of accuracy, eye tracking can possibly reveal certain cognitive disorders, the use of drugs and alcohol, mental and psychological illness, deceitfulness, and even sexual orientation. This is not to suggest that any of these inferences are currently actionable. But if any of these measurements even come close to revealing your behaviors or traits, you can be sure there will be somebody to collect and sell this information.

The hype surrounding the release of Google Glass has sparked intense debates over what limits should be placed on recording devices in public. Many of its fanboys have been cheering for whatever minimal semblance of privacy in public we have left to be eradicated. They evoke the dangerous and intellectually-lazy falsehood that those with nothing to hide have nothing to worry about. What was once a common sense observation about there being no expectation of privacy in public has now been perverted into an excuse for law enforcement and advertisers to gather as much data as possible.

Naturally, when you walk down a street, your face is visible to those around you -- this is the justification given for the use of facial recognition and behavior detection systems in public. Does this same reasoning apply to eye movements? If your attention can be quantified, should you have any rights or control over how that information is used?

As technologies enable us to measure things that once were inconceivable, there will constantly be new classes of data which we will have to evaluate and determine their worth to us. Hopefully, by then, we will have learned our lessons from the Do Not Track fiasco and the "cost" of social media. We live in a digital environment where we own little, but everything seems free -- where the real price we pay in personal information to advertisers is not immediately visible, and we're told that in order to participate, we have no choice but to oblige.

Consider for a moment the type of future that Moti Krispil, CEO of eye-tracking startup Umoove, describes (and warns about): "If you see a picture of Adele somewhere in an article, when you're looking at her for more than two seconds, an Amazon ad could pop up suggesting you buy her latest record now." For advertisers, this is a goldmine -- there's an enormous amount of value in knowing what groups of people pay attention to which types of ads. But what exactly do consumers stand to gain from this?

-

This article originally appeared on Forbes - Disruption and Democracy

Lessons From Crowdsourcing the Boston Marathon Bombings Investigation

2013-04-22T15:56:28-04:00

All it took was a couple of hours for high-school sophomore Salah Barhoum to have his entire world turned upside down. Up until that point, he was best known for being a standout athlete. But suddenly, through no fault of his own, he was being followed by strange men convinced that he was responsible for the heinous bombings at the Boston Marathon that happened just days earlier. The FBI had not named any suspects yet, but his face was already on the cover of the NY Post, labeled as a person of interest.

Unfortunately for Barhoum, and well over a dozen others, they were the victims of shoddy detective work - their identities were broadcast publically while they were accused of crimes they had nothing to do with and maligned by the national media as terrorists. In reality, Barhoum and others were not even being investigated by the authorities involved with the case. Instead, they had been outed by anonymous commenters online, on Reddit and 4Chan, who believed they were guilty based upon their clothes and appearance. What started as an atypical request by the FBI to gather evidence from the public quickly morphed into a much uglier digital witch hunt; one where the crowd's fears, prejudices, and suspicions were given credence, while guilt and innocence were doled out based on shreds of circumstantial evidence.

In the four days, three hours, and nine minutes between the detonation of the first bomb and the Boston Police Department tweeting that the final suspect had been captured, a new approach for conducting crowdsourced investigations was established.

Although media outlets have been quick to lump all of the crowdsourced efforts together, there were two very different processes occurring which proved to have drastically different outcomes: crowdsourced intelligence gathering - a massive success, and crowdsourced crime solving - an abysmal failure. The FBI only ever asked for the first, but both happened simultaneously. They each offer important glimpses into major issues surrounding the future of law enforcement, justice, and surveillance.

In many ways, the Boston Marathon provided one of the most compelling cases for crowd involvement, ever. As one of the largest athletic events in the world, event planners estimate upwards of 500,000 people attend each year, the vast majority of whom have smartphones, and a sizeable portion of whom were actively taking pictures and videos throughout the event. Surveillance cameras have become ubiquitous, but they are fixed in place and have large blind spots - people, on the other hand, can provide deep context and multiple points of view of the same situation. For that reason, it's a natural fit for Big Brother to look to tens of thousands of "Little Brothers" for their help in gathering intelligence. After all, there is no police snooping network that could rival the surveillance regime of our smartphone lifestyles.

Regardless of the FBI's statements or wishes, they could never stop people from trying to conduct their own investigations. Events now play out in real time. The ability for a person sitting at home to have access to rich, detailed information about an event, as it happens, is magnitudes greater than what was available in the past. It is unlikely that this trend will ever reverse - human beings love to speculate and gossip, now, we just do it together publically. We've been empowered with communication and collaborative tools far more powerful than our own understanding of them.

When Richard Jewell, the security guard/hero of the 1996 Olympic Bombings, had his life and reputation destroyed by false accusations from the media, he was able to sue them for compensation. But when Sunil Tripathi, a student at Brown University who has been missing for the last month, was declared to be a vicious murderer because somebody misheard a police scanner, all his grieving family received was an anonymous apology. One of the largest questions raised by these events involve defining what is free speech online - is a person allowed to make a deeply damning accusation about somebody based off suspicion if others are doing it also, and they believe it to be in public interest.

The traditional media could play an enormously valuable role here by separating fact from fiction and providing verified, trustworthy information. Instead, most outlets just repeated false claims made online - providing a megaphone to statements that should never seen the light of day in the first place.

The opening of investigations to the public is going to happen anyway, law enforcement groups have no choice but to embrace and try to get ahead of this trend. Even in this investigation, the crowd's own efforts forced the FBI to release information earlier than it had planned. The FBI made the wise decision to set up a page where people could upload potential evidence, but before they even got around to creating this, citizens had already set up their own page. The medium on which this case was discussed made a difference in the quality of discourse as well - for example, Reddit fared better than 4Chan because of a more conscious community and a system where true information could be "upvoted" and false information could be "downvoted." Where the conversation about the next case takes place will directly shape how it plays out.

Despite their failings in this case, the crowd has proved themselves to be an important force for public safety in the past. Like with many crowdsourcing-related activities, individuals are good at providing information or reporting events, but it is the next stage - taking action, where things often fall apart. The more passive their role, the more effective they have been. Seattle's Police Department runs a program where citizens can receive tweets about and report when they spot stolen cars. German police have experimented with posting sketches of wanted criminals on Facebook, where citizen's identifications have already led to several arrests. In another example, a Broward County Sheriff has leveraged his 10,000 Facebook friends to successfully track down stolen goods.

We now live in a world where information moves faster than we can assess its value... this is especially true in times of panic, disaster, and crisis. While an active terrorist investigation might not be the best place to allow wannabe detectives with no training, there are certainly situations where they can be helpful. We each have the potential to play a role in being guardians of public safety, but this requires from us a large degree of focus, caution, and care. Ultimately, these are the things which separate an empowered crowd from a raging mob.

-
This article originally appeared on Forbes - Disruption and Democracy

Why Your Next Phone Will Include Fingerprint, Facial, and Voice Recognition

2013-04-01T16:22:23-04:00

In some ways, it's a marvel that even half of consumers bother to lock their phones.

You would think the benefits would be obvious enough: by entering a few numbers, you can achieve a basic level of protection from prying eyes. But according to a recent study, 44% of users said that even this was too much of a hassle - worse, 30% weren't even worried about mobile security at all. From 0000 to 9999 there are 10,000 possible combinations of digits, yet in a sample of 3.4 million passwords, over 10% were cases in which somebody decided that "1234" was their best choice.

For years now, consumers have been demanding a better way, something more convenient and less time-consuming. As it turns out, they may have had the answer all along without even knowing it - their body parts can serve as their next password. Biometric identification, which works by using the unique characteristics of your body to prove who you are, may be the key to a much more effective system.

In fact, it is an almost certainty that within the next few years, three biometric options will become standard features in every new phone: a fingerprint scanner built into the screen, facial recognition powered by high-definition cameras, and voice recognition based off a large collection of your vocal samples.

To many in the industry, this is not a surprise but an inevitability. We store an enormous amount of our most intimate and personal information on cell phones. Businesses today are already struggling with policies regarding bringing devices from home, and it's only going to get more difficult. A study by Symantec highlighted the depth of the problem - around the world, all different types of companies consider enterprise mobile device security to be one of their largest challenges. PIN codes are better than nothing at all, but nowhere near enough in a world where cell phone theft now makes up a major portion of urban crime, and a missing device means lost company secrets.

Ever since Apple purchased Authentec Inc in July of last year, there has been an endless stream of news stories obsessing over whether Apple will include a fingerprint scanner in their next release. In reality, Apple is one among many players, and whether they include a biometric sensor in the 5S or wait till the 6 is largely irrelevant, the mobile industry has been headed this way for years now. Samsung's Galaxy Nexus phones include facial recognition already (although, they did not do a great job). Accessories that can add a fingerprint scanner to your current phone have proven to be popular, and voice recognition is now available through many different services.

What makes this so feasible is that the technologies needed to make these changes are already in place.

Facial and voice recognition are just software; they can use the powerful cameras and microphones already in your phone. And as the next generation of devices are made with better internal components, these systems will only get more powerful and more accurate. Fingerprint scanners have also matured greatly over the last few years, and at least one company has already figured out how to embed the sensor directly into the screen of the device. These more sophisticated types of log ins enable new types of functionality as well - CrucialTec has invented a system where scanning each finger can be programmed to load a different app.

This switch would mark a major shift in how we interact with our devices - and if the goal is security, there's certainly other less extreme, more measured steps that can be taken. But behind the language of needing better passwords is a much bigger push to build trust in the idea that a mobile phone can securely be used for sensitive transactions. Going forward, our mobile phones can serve as the gateway to our health information, location data, government services, and much more. Entire new industries are being built using these devices as the platform.

Americans still lag behind citizens in other developed nations in how they use their phones. But all that means is that there's a larger opportunity here. If you can have a user feel like James Bond when they touch their screen, they are a lot more likely to believe that a "mobile wallet" is a practical thing.

There are separate questions as to whether these technologies are ready for such a wide-scale deployment. While each have their own strengths and weaknesses, together they provide quite an improvement over the status quo. No system is hacker-proof, but using several biometrics, as opposed to just one or just one password, could go a long way in helping to solve a few of the largest problems we associate with mobile security.

Anytime you are constantly sharing personal information there are potential privacy concerns. With this issue though, the dangers may not be as obvious as they seem at first - after all, biometric identification would be in the form of optional features. And there's no more direct privacy violation than having your phone stolen, and with it, temporarily losing control over all the social media, financial, and personal accounts you had tied to it.

Whenever Apple, or another giant, decides to fully embrace a biometric solution, the sheer scale and frequency which people will use it will have an enormous impact on the future of how we are identified. When you have your body scanned multiple times a day to send a text or tweet, it becomes harder to see the process as an invasive, potentially perilous influence. In the long march of biometric technology into all corners of our daily life, this may mark the turning point where all of a sudden this type of authentication becomes normal and familiar - and forever change the way we interact with the systems around us.

This article originally appeared on Forbes - Disruption and Democracy

Like It or Not, the U.S. Postal Service Isn't Going Away Anytime Soon

2013-03-26T12:45:18-04:00

A few blocks away from my apartment, there's a store that Yelp users describe as "dirty," "disgusting," "horrible," and "saturated with bitterness." Yet they are still in business, and probably will be for a long time to come. What type of establishment could have their customers routinely express such deep rooted frustration, and still get away with it? The local Post Office, of course.

At some point, we have all probably thought about doing something like what Michael Richards' character Kramer tried to do on Seinfeld -- get out of the system, permanently. In a famous exchange, when postal employee Newman asks him what he will do about his bills, cards, and letters, Kramer points out that he can use "e-mail, telephones, fax machines, FedEx, Telex, telegrams, and holograms." And he's right. For your everyday needs, there are now a wide variety of ways to communicate and conduct transactions. Few people actually want the bulk of the items that come through their mailbox these days.

But as despised and problematic as it is, the Postal Service is one of the most important institutions in this country; it is essential to a functioning economy, and it is -- thankfully -- not going anywhere any time soon.

There have been plenty of loud declarations that the Postal Service has failed and will be out of business shortly. But these arguments usually reveal how little people understand about what the Postal Service actually does -- and how little they appreciate this institution's amazing reach and scale. Handling over 160 billion pieces of mail in a year (40 percent of the world's mail), the Postal Service provides universal coverage for accessing their services to the entire country for low, standardized prices. They make regular deliveries to remote islands and secluded areas that would not be worth the trouble for a private business.

In rural and low-income regions where broadband isn't commonly available, they provide a much-needed lifeline for communication.

Most recently, Outbox, a start-up from Austin, Texas, has reignited the debate over the future of mail. Since their launch in San Francisco earlier this month, they have attracted a lot of excitement with their simple plan to allow people to have their physical mail picked up, scanned, and digitized for five dollars a month. In reality, this may not be the only cost; they are reportedly exploring ways to bring the sketchy practices of targeted e-mail advertising to the physical world. Furthermore, their marketing reveals a very immature understanding of why the Postal Service -- which they strangely refer to as "America's oldest social network" -- cannot simply be "recreated" by a few guys driving around in a Prius.

A suggestion that often comes up is to just dismantle the Postal Service and have everyone switch to using private services like FedEx, UPS and DHL. The people making these arguments are probably unaware that these companies are deeply reliant on the Postal Service for many of their everyday functions -- comparatively, they do not come close to the Postal Service's domestic infrastructure. One study estimated that in 2011, over 30 percent of FedEx Ground shipments were actually delivered by the Postal Service, and although they compete, these groups regularly partner with each other.

While it is true that the volume of mail has been declining for years now, the biggest issues currently facing the Postal Service have more to do with political incompetence than technological disruption.

Contrary to popular belief, the Postal Service does not rely on taxpayer funds to function. However, because it is a government agency, Congress is able to demand that they provide universal coverage, and maximum service, regardless of cost -- while at the same time refusing to allow them to make the tough business decisions that companies regularly face. Last year, 10 postal workers went on a hunger strike to bring attention to a ridiculous requirement, instituted by Congress in 2006, that the Postal Service prefund its future retirees' health benefits to the tune of over $5 billion a year (a requirement not present in any other government agency, and rarely seen in the private sector). These expenses have brought on the continual state of crisis that the Postal Service has been in for the last few years. Eighty percent of post offices lose money -- but they are unable to shut these buildings down because few legislators want to answer to their constituents about why their local post office has closed.

Just as the decline of railroads forced the Postal Service to adapt in the 1970s, they are now again at a point where they must undergo major transformations - and luckily, there are plenty of ways to improve and modernize their services.

From Amazon to Birchbox, businesses rely on being able to get small goods to their customers at a cheap price. In addition to the eight million people and 1.1 trillion dollars in direct mail, financial services, and related industries that are directly reliant on the Postal Service, the future of many small businesses and entrepreneurs hang in the balance as well. There are over two million sellers on eBay, and there are also over twenty-one million self-employed workers, many of whom rely on selling goods on the internet and shipping them through the Postal Service for their livelihood.

Like many government programs, we are intimately familiar with the inefficiency and frustration of receiving services, but we don't grasp the huge amount of work and logistics needed to provide them. The Postal Service isn't a dying industry, it's far from it. We shouldn't simply just wish it away without thinking of the deep and lasting consequences that its absence would create. But that doesn't mean I won't fantasize about it next time I'm stuck in line at the Post Office.

This article originally appeared on Forbes - Disruption and Democracy

Rand Paul's Bold Stand for Civil Liberties

2013-03-11T11:25:40-04:00

Twelve hours and fifty two minutes -- that's how long Kentucky Senator Rand Paul occupied the floor of the Senate to "raise the alarm" about an issue unfamiliar to most Americans: in a letter days earlier, the Obama administration had claimed that in certain circumstances, they might have the authority to use a drone to assassinate an American citizen on U.S. soil.

Paul came with a simple question and a simple demand: he wanted to know whether the government has actually given themselves this authority, and he wouldn't take anything less than "no" for an answer. After silence from the administration on this most basic question, Attorney General Holder finally gave in the next day and admitted they do not have this power. Paul staged a classic filibuster, harkening back to the days when it was used as a show of conviction rather than a cheap procedural tool to undermine the very function of democracy. At a time when Americans are even more disgusted than usual with Washington's inability to handle their own manufactured crises, Paul has demonstrated the positive power that one legislator can have on a specific issue.

When the dust has settled, it's important to understand how little has actually been achieved -- and why it matters so much.

The prospect of the government drone-striking their own citizens was never the primary concern. Instead, it was the arrogance and secrecy which this administration, and the one before it, have employed in unilaterally deciding when it is okay to undermine the rights of American citizens. What many hope is that Paul was able to do what countless blog posts, protests, and arrests have been unable to so far -- begin to roll back the security theatre of the post-9/11 world.

We desperately need more "Rand Paul moments" to protect our civil liberties.

Bubbling underneath the surface of our political debates the last decade have been serious questions about the balance of security and freedom that have been brushed aside. There is little recourse for Americans who care about these issues -- legislators don't want to appear weak, courts have been generally sympathetic to government positions, and the Obama administration can't have an open discussion about a drone program that they won't even officially acknowledge exists.

The things we once considered an outrage are now the norm -- our electronics can be searched and seized in many parts of the country, warrantless wiretapping is now legal, and the types of data analytics that we used to associate with counter-terrorism are now used to gain our vote. Many people would be surprised to learn that in the United States, a drone has already been used to assist in making an arrest.

With his Tea Party backing and libertarian bend, it would be hard to categorized Paul as a mainstream politician. His views on abortion, immigration, and education -- to name a few -- would not sit well with the majority of Americans. But despite this, Paul managed to bring about a rare moment of bipartisanship from the activists and thinkers at the grassroots, if not with politicians themselves. Twitter exploded with shows of support tagged #standwithrand, while he was cheered by groups ranging in ideology from the CATO Institute to Code Pink.

It is telling that Paul was assailed by conservative institutions across the country, even the Wall Street Journal editorial board dismissed his concerns, saying that his "rant" was more theatrics than substance. But that is how politics work -- by putting on a show, Rand Paul has vaulted this issue "from the fringes to the forefront of Washington conversation". And by doing that, he may have provided us our best hope in years of having an honest, open discussion about the future of our rights.

This article originally appeared on Forbes - Disruption and Democracy

Homeland Security Approves Their Right to Search and Seize Your Electronics Without Suspicion

2013-03-04T17:24:26-05:00

Four years ago, Agnieszka Gaczkowska, a 29-year-old doctor and entrepreneur from Poland, was travelling through Detroit's airport on her way to Boston when her bag was selected for random inspection. The inspection officer asked her if she had any documents with her. Exhausted after a long journey, she replied that she did not, forgetting that she had put a few outstanding bills in one of her textbooks.

Suddenly, she found herself in serious trouble. The inspection officer found the bills and accused her of "lying to a federal officer." They held her for two hours as she was interrogated about the details of her life. The officer ordered her to turn her phone on, and then proceeded to read her e-mails, texts, and Facebook messages without her permission. She was shocked. Eventually, Gaczkowska was released, but she wondered if this was a common practice.

As it turns out, it is -- thousands of people every year face a similar situation. Our government agencies have allowed themselves the right to search and seize your electronic devices with stunning impunity.

Just a few weeks ago, the Department of Homeland Security quietly released a strangely worded document reaffirming their own right to search and seize your electronics without suspicion or cause, anywhere along the United States border (which they define as 100 miles in from the border -- an area twice as long as Rhode Island). In reality, this is nothing new, Homeland Security been doing this since at least 2009 -- that's when Secretary Napolitano put her stamp on the Bush-era practice, and promised an impact assessment within 120 days. Over two years later, it's finally here, and it is nothing more than a poorly written press release.

Having a government official force their way into your laptop is fundamentally different from having them inspect your suitcase. Our hard drives contain personal correspondence, intimate details, deep logs of our activities, and sensitive financial or medical information. Yet we still give this less legal privacy protection than a sealed envelope with a stamp on it.

For now, the business community has figured out a way around having the government search and confiscate devices with company secrets -- give their employees blank laptops, and put the important information in the cloud. This subject is much bigger than how Homeland Security does its job. There is a deeper issue here that is not going away any time soon: our electronics, and the data they hold, have become extensions of who we are.

The Fourth Amendment of the Constitution already provides us with protection against unreasonable search and seizures for people in their "persons, houses, papers, and effects" -- is it time that we add "data" to this list?

The way in which we go about answering this question will have enormous ramifications for our entire legal system. Courts around the country are struggling to decide how to balance security with privacy. From school to the workplace, this question is popping up in different ways almost every day.

In the meantime, the government has accelerated their pursuit of our digital breadcrumbs. In 2011, mobile companies received a staggering 1.3 million law enforcement requests for data, including text messages and location information. It has been over 25 years since Ronald Reagan signed sweeping digital privacy protections into law. In today's world of cloud computing and ubiquitous screens, these protections are horribly inadequate. We should not have to continue to rely on protections passed in an age where the Internet was a military project and the personal computer was just becoming a common thing.

Eventually, the Supreme Court will have to step in to settle the issue, and they are not exactly known for their technological expertise. It might not be long before we are asked at the airport whether we packed our own devices, if we were asked to bring anyone else's files, and if we know if anyone has placed any data on our devices without our knowledge. At least then, it might seem polite; for now, they don't even have to bother with the questions.

This post originally appeared on Forbes - "Disruption and Democracy"

The Washington Post Got It Wrong: We Don't Need a National ID Card

2013-02-06T09:09:02-05:00

On Saturday, the Washington Post editorial board jumped into a center of a decades-old debate by declaring their support for the creation of a universal national identity card. Their argument, that the problem of illegal immigration cannot be solved with enforcement alone, is sound. But their conclusion, that these problems can somehow be fixed by mandating a new type of document, is both shortsighted and misguided.

In reality, the process of implementing an American national identity card would be an expensive logistical and bureaucratic nightmare -- and its usage alone wouldn't bring about the types of reforms that legislators have been promising.

That's because the problems with our broken outdated identity systems run deeply; they cannot be fixed with the "Band-Aid" approach that Washington is so fond of using. The foundation of our system is built on top of a numbering scheme that was created in the 1930s for an entirely different purpose. Adding strict requirements for a new identity document on top of an already dysfunctional system wouldn't be anything more than a superficial, political solution.

Instead of spending the money to create new government departments to manage, protect, and update the records of over 300 million people, we'd be far better served by modernizing, cleaning, and standardizing the systems and databases that are already in use.

In this country, we have given the responsibility of maintaining records and issuing identity cards to state and local governments, and let each handle it their own way. As a result, our nation's systems are only as strong as their weakest link. This practice was supposed to foster innovation, but instead it has lead to messy patchwork of restrictions and regulations that has undermined the credibility of the entire system.

The Bush administration realized that creating national standards was critical to shoring up the whole system. With the REAL ID Act of 2005, they instituted a de facto national identity system by mandating that records be centralized and state-issued IDs be brought up to a common standard. The legislation was ultimately implemented with virtually no public debate or input from important stakeholders (like the state governments who now have to deal with the new requirements). How these programs are implemented sometimes matter more than how they are designed - unhappy state legislatures are still dragging their feet to meet the requirements over seven years later.

But there's a lot more that can be done to fix the system now besides just making new laws. In the last decade, several technologies have advanced to a point where they can now be used quite effectively to help state and local governments overhaul their systems.

Some of the largest inefficiencies in our systems occur because information stored in different government databases is not being shared properly. With the plummeting cost of storing and transmitting data, sharing information has become much more practical. Biometric identification is also helping counties to automatically weed through the fake, duplicate, and fraudulent entries with a speed and precision not before possible. US-VISIT, the Department of Homeland Security's biometric entry program, has also shown how this technology can scale and be effective in every day usage.

These changes can be deployed immediately, while a new identity system can take a long time to gain traction (if it ever does at all). The longer a system is in place, the harder it is to change, and that is especially true when it comes to identity systems since are at the core of so many basic government functions.

At the same time, the very basis for identification systems are changing from improving government functions to enabling citizen services. The identification needs of today's citizens are more sophisticated than ever before -- a physical card with their name is no longer sufficient; citizens need a portable, secure way to identify who they are both online and offline.

We may be reaching a point where the systems behind an identity card are becoming more important than the token itself. The question of what type of card you are using is becoming more irrelevant everyday. If we can improve our systems, we may be able to reap many of the benefits of having a national identity card without the burden or cost of actually having to implement one.

Expect legislators to tell us in great detail why this is not possible. They will point to how divided we are, how large our population is, and explain to us that we'll be fine if we don't take action. But while we are making these excuses, countries in the developing world are doing incredible things with their ID systems. India is collecting biometric data from over one billion residents to issue them each a unique identification number. Indonesia is made up of 17,000 islands - they just enrolled over one hundred million people into a new identity system in less than a year. Ghana just broke a world record by biometrically registering and verifying 13 million people in just 48 hours.

Improving our identity systems should be a national priority -- regardless of what happens with immigration reform. Every single day people are inconvenienced, marginalized, and find themselves victims of identity theft because of our country's faulty identity systems. The American people deserve better than to be presented with a false choice. They shouldn't have to choose between trusting in a relic from the last century that keeps failing them, and being forced into carrying an experimental document they don't need.

This article originally appeared on "Disruption and Democracy," Forbes

What the Aaron Swartz Tragedy Means to His Generation

2013-01-17T11:14:49-05:00

The collective outpouring of grief and anger at the circumstances surrounding the death of Internet visionary Aaron Swartz is only continuing to grow. In the past few days, we have seen his friends and co-workers share warm stories of his brilliance, compassion, and tireless dedication to the causes of an open and free exchange of ideas. Yet a dark cloud hangs over these discussions: the thought of what could have been if things went differently.

This case has exposed to the world an ugly, corrupt side of our justice system -- one that prioritizes harassment over due process, which uses the threat of incarceration as a tool of psychological warfare.

In part, because of a misguided, ruthless prosecution and the revolting behavior of one of our nation's most respected educational institutions, our generation has lost one of its brightest stars. When a system judges a victimless transgression against intellectual property as a worse offense than entire classes of violent crimes, society is in a dangerous place.

As Columbia Professor Tim Wu points out, "the great ones almost always operate at the edge;" Steve Jobs and an entire generation of technological geniuses found their roots in hacking telephones and early communication systems. We would have lost so much if we branded them as "destructive felons" before their careers even began.

Swartz was only a year older than me when he tragically took his life, yet he already had contributed so much to the world. I never had the opportunity to meet him, but I benefit from his work regularly. RSS feeds have simplified my daily reading, Creative Commons licenses have made sharing content far easier, and I have spent countless hours learning incredible things deep in the pages of Reddit. More than that, my entire generation has benefitted enormously from a free and open Internet, which he fought so hard to preserve.

In many ways, the rapid exchange of information has come to define our generation -- we were the pioneers of a more social Internet, and we've watched many times as entire industries have transformed into bits of data that can be seamlessly shared online. We are a generation built off the "remix," understanding that originality can come from reinterpretation. And for better or worse, we have little respect for artificial barriers meant to keep knowledge and content restricted to only certain people.

The Internet has played a critical role in our development, exposing us to stories, information and perspective from people from all walks of life, globally. It has also been critical in helping to create what is one of the largest, most socially tolerant generations ever to exist. We know the positive power of technology, but we understand that people connect with each other, we learn through the human experience.

Swartz not only reflected these values and beliefs, through his incredible body of work he actively moved these causes forward. In his many writings, he reveals himself to be an idealist, unsatisfied with what was around him. Yet he was one of the few with the actual passion to create the change that he wanted to see.

Moving forward, the authorities involved need to be held accountable for their actions -- at the very least. We need to take a hard look at our legal systems, our priorities and how we can stop this from happening again. It seems that the government has inadvertently breathed new life into the causes that Swartz championed. The exciting #pdftribute campaign by researchers on Twitter is just one example of what can be done to improve the world in his name.

His actions were rare and powerful acts of civil disobedience not commonly seen in our generation. Though his time on the planet was short, Swartz made a monumental impact. The fact that his last days were spent in such darkness is truly heartbreaking.

This article originally appeared on Forbes

The Nonexistent Facebook Democracy Is Now Gone for Good

2012-12-10T19:08:16-05:00

The polls are now closed -- and with that, your right to vote on how Facebook uses your personal information has been taken away. In case you missed it, the good news is that your vote wouldn't have mattered anyway; the vote was a sham, set up to fail from the start. The bad news is that little has actually changed: Facebook still owns your personal information, controls your digital self, and it's too late to turn back.

In the end, the measure to keep the current version of the user agreement fell short by more than 299 million votes. If that sounds ridiculous, that's because it is. Facebook had a requirement that at least 30 percent of its one billion users had to vote down the proposal, so there was little hope anyway. But, of those that did participate, a staggering 88 percent voted against the changes.

The citizens of Facebook have lost what little voice they had to begin with, and now their government can unilaterally amend the constitution as it sees fit.

This is how things have always been anyway; Facebook rarely ever consults you before manipulating and selling your personal information. This year, they have begun to quietly allow advertisers to target you directly, instead of trying to cater to the general audience you're a part of. They have expanded their scope by tracking what you do on other websites across the Internet; they are even trying to learn what you are buying offline. They have also just recently settled a lawsuit for using your identity to "sponsor" products without your permission or knowledge.

If it were any other company, you could just stop buying its product, but that's not how things work with social media.

Facebook has become a part of everyday life, to the point where it is viewed with suspicion if you choose to not take part in the network. While the company can now claim that "voter apathy" was the reason for today's changes, the truth of the matter is that users absolutely do care about how their information is used. Last week, like many times before, our news feeds filled with people posting an obscure, legally meaningless status update demanding some limits for how their data is used. Instead of taking the widespread concern to heart, Facebook responded with a dismissive "fact-check" to remind you that, sorry, you don't have any additional protections besides what we decide to give you.

For years the company has been working hard to win the online identification race. If Facebook can serve as your "gateway" to the Internet, they secure the leading role in determining how commerce, communication and social interaction takes place. That is why it has made a policy of forcing you to use your real name, even going to the lengths of asking your friends to verify your personal information to make sure you are being truthful. The millions of photos that users upload every day are their property -- when they decide they want to sell them, or use facial recognition to see who is in them -- you don't have a say in the matter.

At a conference in 2008, CEO Marc Zuckerberg laid out his vision for the future of social media. He explained that he "would expect that next year, people will share twice as much information as they share this year, and next year, they will be sharing twice as much as they did the year before."

In Facebook's "hacker" culture of rapid experimentation, we are all test subjects, and what we see and how we interact with the people around us are the variables. Since its botched IPO earlier this year, the company has been under intense pressure to show just how well they can monetize our information -- and given their recent performance, this will only become a more desperate situation. Whatever Facebook does eventually replace the current voting system with, there is one fundamental thing that will not change: you will still be the product, not the customer.

This post originally appeared on Forbes.

Yes, You Can Hack a Pacemaker (and Other Medical Devices Too)

2012-12-06T13:23:16-05:00

On Sunday's episode of the Emmy award-winning show Homeland, the Vice President of the United States is assassinated by a group of terrorists that have hacked into the pacemaker controlling his heart. In an elaborate plot, they obtain the device's unique identification number. They then are able to remotely take control and administer large electrical shocks, bringing on a fatal heart attack.

Viewers were shocked -- many questioned if something like this was possible in real life. In short: Yes (except, the part about the attacker being halfway across the world is questionable). For years, researchers have been exposing enormous vulnerabilities in Internet-connected implanted medical devices.

There are millions of people who rely on these brilliant technologies to stay alive. But as we put more electronic devices into our bodies, there are serious security challenges that must be addressed. We are familiar with the threat that cyber-crime poses to the computers around us -- however, we have not yet prepared for the threat it may pose to the computers inside of us.

Implanted devices have been around for decades, but only in the last decade have these devices become virtually accessible. While they allow for doctors to collect valuable data, many of these devices were distributed without any type of encryption or defensive mechanisms in place. Unlike a regular electronic device that can be loaded with new firmware, medical devices are embedded inside the body and require surgery for "full" updates. One of the greatest constraints to adding additional security features is the very limited amount of battery power available.

Thankfully, there have been no recorded cases of a death or injury resulting from a cyber attack on the body. All demonstrations so far have been conducted for research purposes only. But if somebody decides to use these methods for nefarious purposes, it may go undetected.

Marc Goodman, a global security expert and the track chair for Policy, Law and Ethics at Singularity University, explains just how difficult it is to detect these types of attacks. "Even if a case were to go to the coroner's office for review," he asks, "how many public medical examiners would be capable of conducting a complex computer forensics investigation?" Even more troubling was, "The evidence of medical device tampering might not even be located on the body, where the coroner is accustomed to finding it, but rather might be thousands of kilometers away, across an ocean on a foreign computer server."

Since knowledge of these vulnerabilities became public in 2008, there have been rapid advancements in the types of hacking successfully attempted.

The equipment needed to hack a transmitter used to cost tens of thousands of dollars; last year a researcher hacked his insulin pump using an Arduino module that cost less than $20. Barnaby Jack, a security researcher at McAfee, in April demonstrated a system that could scan for and compromise insulin pumps that communicate wirelessly. With a push of a button on his laptop, he could have any pump within 300 feet dump its entire contents, without even needing to know the devices' identification numbers. At a different conference, Jack showed how he reverse engineered a pacemaker and could deliver an 830-volt shock to a person's device from 50 feet away -- which he likened to an "anonymous assassination."

There have also been some fascinating advancements in the emerging field of security for medical devices. Researchers have created a "noise" shield that can block out certain attacks -- but have strangely run into problems with telecommunication companies looking to protect their frequencies. There have been the discussions of using ultrasound waves to determine the distance between a transmitted and medical device to prevent far-away attacks. Another team has developed biometric heartbeat sensors to allow devices within a body to communicate with each other, keeping out intruding devices and signals.

But these developments pale in comparison to the enormous difficulty of protecting against "medical cybercrime," and the rest of the industry is falling badly behind.

In hospitals around the country there has been a dangerous rise of malware infections in computerized equipment. Many of these systems are running very old versions of Windows that are susceptible to viruses from years ago, and some manufacturers will not allow their equipment to be modified, even with security updates, partially due to regulatory restrictions. A solution to this problem requires a rethinking of the legal protections, the loosening of equipment guidelines, as well as increased disclosure to patients.

Government regulators have studied this issue and recommended that the FDA take these concerns into account when approving devices. This may be a helpful first step, but the government will not be able to keep up with the fast developments of cyber-crime. As the digital and physical world continue to come together, we are going to need an aggressive system of testing and updating these systems. The devices of yesterday were not created to protect against the threats of tomorrow.

This post originally appeared on Forbes.

Nate Silver and the Rise of Political Data Science

2012-11-08T08:45:33-05:00

For the last few months, the political pundit class has been at war with New York Times FiveThirtyEight blogger Nate Silver. Joe Scarborough of MSNBC called him a "joke," while an op-ed in the Los Angeles Times accused him of running a "numbers racket." The Examiner dismissed him as a "thin and effeminate man with a soft-sounding voice." Even the legendary David Brooks claimed that his work was "getting into silly land."

His crime? Standing by the projections of his proprietary statistical model that have predicted the results of the last two elections with stunning accuracy.

A former baseball statistician, Silver has made his name by aggregating state level polling data, and predicting the likelihood of victory by adjusting for different factors that have historically influenced electoral performance. He consistently rejected the conventional wisdom that the race was tied, and for that, he was cast as a left-wing nut peddling bad science.

But Tuesday night, Silver triumphed: every one of his state-level presidential predictions proved true.

And with this victory, he may have changed the way elections are covered for good. By disregarding the industry wisdom that gut feelings, day-to-day poll movements, and talking head commentary are what matter, he has decimated the value of these superficial judgments.

This year, according to the New Republic, "somewhere between 10 and 20 percent of politics visits to the New York Times website included a stop at FiveThirtyEight;" but last week, "that figure was 71 percent" 0- on the sixth most trafficked site on the web. Over the last 24 hours, there has been an 800 percent increase in sales for Silver's latest book. It won't be long before every major news outlet has their own Silver-clone spewing out statistics and probabilities.

Beyond just personal vindication, Silver has proven to the public the power of Big Data in transforming our electoral process. We already rely on statistical models to do everything from flying our airplanes to predicting the weather. This serves as yet another example of computers showing their ability to be better at handling the unknown than loud-talking experts.

By winning "the nerdiest election in the history of the American Republic," Barack Obama has cemented the role of Big Data in every aspect of the campaigning process. His ultimate success came from the work of historic get-out-the-vote efforts dominated by targeted messaging and digital behavioral tracking. Future campaigns will build off this success and spread these tactics to every part of the electoral process, continually accumulating whatever new types of data are available in the future.

In an interview with BuzzFeed, Silver admitted that he had a lot riding on the outcome of the election -- he recognized he would "get too much credit if the prediction is right and too much blame if it is wrong."

A statistical model can't predict a leaked fundraiser video, a lousy debate performance or an enormous storm -- but it can provide valuable insights into how things actually look, without the noise. You can't "moneyball" a winning team of candidates, but you can see where things are likely to go.

The field of "political data science" is now more than just a concept -- it's a proven, election-winning approach that will continue to revolutionize the way campaigns are run for decades to come.

This story originally appeared on Venture Beat and Forbes

Will Diet Dr. Pepper, Pepsi and Big Data Determine the Outcome of Tomorrow's Election?

2012-11-05T15:00:21-05:00

If your favorite soda is Diet Dr. Pepper, the chances are that you'll be supporting Mitt Romney tomorrow. Pepsi drinker? You're most likely voting for Barack Obama. If you drink Mountain Dew, you probably don't care either way.

These types of conclusions may seem simplistic and superficial, but both campaigns are betting that they will be the key to deciding who the next President of the United States is.

It's more than what you drink: what you shop for, who your friends are, what websites you visit, all reveal clues to your political leanings. Campaigns have entered the era of "Big Data" -- they target voters based on scraps of information they gather from unlikely places.

Thanks to the rise of mobile technology and social media, the number of records collected by data brokers on voter has tripled -- from 300 in 2004 to more than 900 today.

Voters used to be the ones obsessing over details of a candidate's personal life. Now the tables have turned. Campaigns research the personal lives of the voter.

Micro-targeting, a technique that delivers ads based on the personal traits of a voter, was once considered impossible. But in 2004, it was credited for helping George W. Bush defeat John Kerry. Now it is used by almost every campaign.

Because of the intricacies of our electoral system, a relatively small group of people end up deciding the outcome of elections. In the 2000 presidential campaign, hundreds of millions of dollars were spent on reaching just 7 percent of voters -- less than 8 million people. Even a small advantage in mobilizing potential voters in a swing state can determine the difference between a win and a loss.

This election cycle, more than $3 billion has been spent on broadcast television advertising -- which has remained the dominant form of political communication for the last fifty years. But times are changing. Television purchases are no longer as effective as they used to be. A study showed that 88 percent of voters with DVRs skip ads and 45 percent use something other than live TV as their primary mode for viewing videos. These proportions are even higher in younger demographics.

Just as television advertising revolutionized the field in the 1960s, this election will likely mark digital-behavioral advertising as the next frontier in voter outreach.

As a nation, we are already divided along partisan lines. We access different media, each with its own messaging and focus. Now we will receive different messages depending on who we are. Zac Moffatt, digital director for Mitt Romney's campaign, said to the New York Times that "two people in the same house could get different messages," and "not only would the message change, the type of content would change."

In an article for Stanford Law Review, Daniel Kreiss, a journalism professor at University of North Carolina, Chapel Hill, explains how this can have negative long-term consequences for democratic participation. With so much sensitive personal information in so many hands, there are risks of data breaches and unauthorized disclosure. Citizens may hesitate to engage in political discussion online for fear of being tagged and put into a marketing database. And, the high cost of political data and consulting activities might make it difficult for less affluent candidates to compete effectively. Perhaps most worrying, campaigns may "redline" an electorate -- by ignoring voters that a computer model deems unsympathetic to their views and thus not worth the investment.

Sophisticated modeling and targeting will become commonplace at every step of the political process. NGOs, interest groups, and candidates for local office will be the next to adopt these methods.

United in Purpose, an evangelical Christian non-profit, is currently using such technology to assign points to voters based on whether they like NASCAR or fishing, and if they are on anti-abortion or traditional marriage lists. If these voters have a score of over 600 points, they are considered "serious about their faith". They will be contacted if they have not registered to vote.

Many voters would be surprised to learn that their interactions with both campaigns are being recorded and analyzed using technology similar to what Target uses to determine if teenage girls are pregnant. When voters do learn what their candidates are doing, as many as 86 percent want this to stop. They regard this as an invasion of privacy. Yet these types of activities are considered political speech, so there are hardly any restrictions in place.

What is most worrisome is that there is no easy way to opt-out of these databases, or to limit what information is collected about you, or how it is used. Sadly, we can't "de-friend" or "unfollow" the politicians.

This post originally appeared on Forbes.

The Next Privacy Battle: Cameras That Judge Your Every Move

2012-09-14T15:02:18-04:00

In Tampa, Florida, just outside of the building where the Republican National Convention took place, vigilant observers were perched high above, working day and night to spot suspicious activity. They were not police officers -- they were surveillance cameras equipped with "behavior recognition" technology that constantly studied each person to determine whether he or she is the next security threat. By "learning" patterns of behavior, these devices monitor large crowds to alert authorities, within seconds, when something out of the ordinary occurs.

High-tech security measures might have been expected at large politically charged gatherings. But cameras capable of real-time, sophisticated data mining are starting to appear everywhere.

It may soon be the case that it is no longer necessary to have a human being actively monitoring the screens. Computers will be able to do a better job and for a fraction of the cost. Legal protections from surveillance cameras currently focus on where a camera can be placed. This will shift to what types of analysis the camera is capable of performing, and for what purpose.

The reason for the quick adoption of these cameras is simple: human beings are not good at attentively watching large amounts of video for very long. In the United States, it is estimated that there are 30 million surveillance cameras, which create more than 4 billion hours of footage every week. At best only a small portion of this footage will ever be reviewed. London, for example, has close to 500,000 surveillance cameras. But this has only helped police in solving three percent of all street robberies.

Instead of trying to solve crimes after they have happened, advances in camera technology can spot problems as they are occurring. On Liberty Island, home to one of the nation's most famous landmarks, surveillance camera data are brought together and analyzed in order to spot when somebody abandons a bag or tries to stay on the island after hours. This technology can alert police to the appearance of an imminent fight. Across the Bay, in Manhattan, surveillance cameras can track a person's general description. If there is a report about a suspicious person wearing a red shirt, for example, every person wearing a red shirt in sight of any of their thousands of cameras can be displayed together -- in an instant.

It's not just law enforcement that has taken note of this. Retail outlets such as Macy's, Babys 'R' Us, and CVS have installed systems in some of their stores that can spot shoppers who do unusual things -- such as remove many items from a shelf at once, open a case that is normally locked, or walk suspiciously through the aisles. Pathmark grocery stores have implemented similar technology that will quickly alert managers of potential shoplifting and employee fraud -- as it takes place.

These systems are programmed to assume that everybody is a potential shoplifter, terrorist, or criminal. In addition to issues related to presumption of innocence, this raises many questions about privacy. The idea of a person closely watching our movements is unsettling. Does it "feel" different if it's just a computer rather than a human being?

WikiLeaks cables released earlier this month revealed a widespread use by local and federal agencies in the U.S. of TrapWire, a technology that aggregates incident reports and camera feeds to try to detect potential terrorist threats. Understandably, there was uproar over the lack of public disclosure. These same features are being used in other parts of the world to combat dissent. In China, security cameras are commonly used to count the number of people in crosswalks. These alert the authorities if a crowd forms at an unusual time--which could be sign of unsanctioned protest. Around the world, companies like Sony, Kraft, and Adidas are also installing cameras to target ads to consumers based on their physical features.

The last two decades have largely settled the question of where a security camera can be placed. The promise of increased safety has trumped the right to remain anonymous. In the near future, not having behavioral detection systems present will be seen as a danger and liability, especially as the cost of monitoring technology drops and advanced surveillance becomes even more affordable.

So far, there has been little consequence to this because nothing is usually done with the footage. But that is going to change. There will, undoubtedly, be concerns arising related to how these datasets can be combined with personally identifiable information to track not only our locations and activities, but our feelings and state. You can expect these to be the next privacy battles in the courts. One would expect the Republicans -- who often consider themselves to be the defenders of free speech and liberty -- to lead the charge against these technologies.

Instead, at the Convention in Tampa, cameras worked overtime alongside police officers to make sure that things ran smoothly. If the protests had turned violent, as they did at the 2008 Convention in St. Paul, the authorities would have known when and where to react. Going forward, it will be interesting to see how the need for domestic security will be balanced against individual rights and our need for privacy.

This piece was originally published on Forbes. Photo courtesy of PublicIntelligence.net

How Technology Can Limit India's Rampant Corruption

2012-08-02T10:25:04-04:00

To combat corruption, a small group of entrepreneurs in the Indian government called the Unique Identification Authority has been rolling out a program to use biometrics -- a technology that was once a hallmark of science fiction -- to accurately identify its 1.2 billion residents.

At present, India's departments work in isolation, maintaining a separate database to track delivery of government services to residents. Over time, systematic corruption and mismanagement have bred bad data, false information, and outright fraud. Poor laborers and migrant workers, in particular, are forced to travel far from their homes to collect their wages and benefits, having to dole out bribes to predatory middlemen along the way. A study by investment group CLSA estimated that, nationwide, of the $250 billion in subsidy and social spending on select programs over the next five years, over 40% will never make it to its intended target.

The biometrics program, which is nationally funded, has been ongoing since 2010 but just recently completed the first stage of enrollments, adding its 200 millionth enrollment several weeks ago. That's already a population larger than any European nation.

Under the program -- which will use iris scans and fingerprints -- each man, woman, and child will receive an "Aadhaar" (meaning: foundation) 12-digit unique identification number over the next few years. For the poor in India, this promises to end a vicious cycle in which people cannot prove who they are and are thus denied what they are supposed to receive.

Biometric identification has been around for decades, but it has never been used on such a large scale. The technology must withstand India's extreme weather, difficult geography, and multiple separatist movements. Large portions of the country lack reliable electricity, not to mention Internet connectivity. Developers must find a way to ensure high quality information across tens of thousands of enrollment centers. If these challenges can be overcome, there is a major opportunity to modernize and reshape the nation, and to set a precedent for the rest of the world, not only by making hundreds of millions of people recognizable by society, reigning in corruption, and improving government services but also by enabling a new mobile payment system.

Aadhaar numbers can serve as the key to bringing together various databases to clean out records. Electronic transfers can replace the inefficient and corrupt cash-and-goods distribution systems currently in place. Indians, for the first time, will be able to prove their identity in a matter of seconds with biometric scanners, regardless of location. And with close to a billion mobile phones in the nation, these Aadhaar numbers can serve as a gateway for India's masses into the financial system.

The same systems used for transferring benefits can be used to create an economy based on mobile transactions. Two villagers could send each other money with little more than their identity numbers and an Internet connection. With an open platform, the Unique Identification Authority is inviting entrepreneurs to come build their own applications and uses to tackle the country's multitude of data issues. Health insurance is one area that could be improved with this program -- it's currently rare in India because of how hard it is to locate and verify a person's records.

The goal is to enroll 600 million Indians in four years. Many have expressed skepticism that they will reach their target, pointing to the numerous examples of costly, failed national identification programs around the world. But with India already having reached the 200 million mark, it may yet quiet those naysayers.

In the process, India has industrialized the biometric space. Economies of scale have already made a drastic impact on the price of the technology. RS Sharma, director general of the Unique Identification Authority of India has said that the agency has been able to collect each resident's information for around $3, while it reportedly cost the UK more than $150 per person in its failed exercises just a few years ago. For most of the developing world, this would be affordable to implement.

However, the same systems that can bring accountability and transparency can be used for mass surveillance and digitized discrimination. Privacy laws are still outdated and ineffective, and politicians have yet to overhaul the systems of enforcement. With so many different government agencies now able to store and access personal information, the potential for abuse looms large. The possibility of human error is present at every step, and there are questions whether India's people and institutions are ready for such a dramatic change. Biometric identification has long been used for security purposes -- now India will show the world how it can also be used to offer hundreds of millions their greatest chance at inclusion and a prosperous life.

A version of this post first appeared on Forbes.