U.S. Magistrate Judge Sheri Pym yesterday ordered Apple, Inc., to bypass security on the iPhone 5c owned by the San Bernadino shooters. Apple said no:
In his statement, [Apple CEO Tim] Cook called the court order an “unprecedented step” by the federal government. “We oppose this order, which has implications far beyond the legal case at hand,” he wrote.
“The F.B.I. may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a back door,” Mr. Cook wrote. “And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
The Electronic Frontier Foundation, a nonprofit organization that defends digital rights, said it was siding with Apple.
“The government is asking Apple to create a master key so that it can open a single phone,” it said Tuesday evening. “And once that master key is created, we’re certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security.”
This reminds me of the incremental logic of Joss Whedon's Dollhouse, where every choice the characters make along the way seems like the right thing to do at the time, if you skip the inconvenient implications of it.
On Friday I mused about which new technology (or technologies) I should learn in the next few weeks. As if they're reading my mind (or blog) up in Redmond, just this morning Microsoft's Brady Gaster blogged about a little Raspberry Pi project he did:
I broke out my Raspberry Pi and my Azure SDK 2.8.2-enabled Visual Studio 2015 Community Edition and worked up a quick-and-dirty application that can send sensor data to an API App running in Azure App Service. This post walks through the creation of this sample, the code for which is stored in this GitHub repository.
The code that will run on the Raspberry Pi is also extremely simple, deliberately so that you can use your own imagination and add functionality however you want. Here’s a picture of my Raspberry Pi running in our team room, on the big screen. As you can see the app is quite basic – it consists solely of a toggle button, when clicked, kicks off a timer. Each time the timer fires, a request is made to the App Service I just deployed.
Since Gaster is the Azure SDK & Tools Program Manager, his post is really about Azure. But hey, for $50, why not whip up a little toy?
One of the companies I work with recently used Raspberry Pi devices with motion sensors to publicize when conference rooms were free. Maybe I can resurrect the Parker Cam with a motion sensor?
I'm debating what new area I should explore, assuming I have the time:
I'm thinking about a few side projects, obviously. And this article on new "universal remote" apps in today's Times got me thinking about home automation, too. But that's less a skill to learn than a set of toys to play with.
The European Commission yesterday announced they've reached a broad agreement with the United States to allow trans-Atlantic data transfers that respect European privacy laws:
The EU-US Privacy Shield reflects the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid. The new arrangement will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission (FTC), including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the U.S. that possibilities under U.S. law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalised access. Europeans will have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson.
The new arrangement will include the following elements:
- Strong obligations on companies handling Europeans' personal data and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US. Federal Trade Commission. In addition, any company handling human resources data from Europe has to commit to comply with decisions by European DPAs.
- Clear safeguards and transparency obligations on U.S. government access: For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement. To regularly monitor the functioning of the arrangement there will be an annual joint review, which will also include the issue of national security access. The European Commission and the U.S. Department of Commerce will conduct the review and invite national intelligence experts from the U.S. and European Data Protection Authorities to it.
- Effective protection of EU citizens' rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, Alternative Dispute resolution will be free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.
The EC will release the text of the agreement soon. I'll be monitoring this development closely.
President Obama and I have the same fitness tracker. His, however, has some customizations:
What counts as must-have features for many people — high-definition cameras, powerful microphones, cloud-connected wireless radios and precise GPS location transmitters — are potential threats when the leader of the free world wants to carry them around.
And so using the latest devices means more than merely ordering one on Amazon for delivery to 1600 Pennsylvania Avenue. It means accepting the compromises imposed by White House technology experts, whose mission is to secure the president’s communications, and by the Secret Service agents who protect him.
He has not given up, though. Mr. Obama is the first commander in chief to regularly carry a specially secured BlackBerry. He reads briefings and checks scores from ESPN on an iPad (the first of which was given to him by Steve Jobs before its public release). And recently he has been seen wearing the Fitbit Surge, a fitness band packed with all the latest technology, on his left wrist.
The article goes on to speculate (because neither the Secret Service nor Fitbit will comment on presidential security) just which features, exactly, they've removed. And my friend request has so far gone unanswered...
The Economist peeks under the skirts of the top tech firms and finds what people in my field have known for a long, long time:
However, a career as a software developer or engineer comes with no guarantee of job satisfaction. A survey last year of 5,000 such workers at both tech and non-tech firms, by TINYPulse, a specialist in monitoring employee satisfaction, found that many of them feel alienated, trapped, underappreciated and otherwise discombobulated. Only 19% of tech employees said they were happy in their jobs and only 17% said they felt valued in their work. In many areas they were even more discontented than non-tech workers: 36% of techies felt they had a clear career path compared with 50% of workers in areas such as marketing and finance; 28% of techies said they understand their companies’ vision compared with 43% of non-techies; and 47% of techies said they had good relations with their work colleagues compared with 56% of non-techies.
No amount of talent or effort can make up for having chosen to work at Sidecar, a ride-sharing service which shut down in December, rather than Uber or Lyft, its still-expanding rivals. Moreover, tech startups typically attract talent by offering shares. Employees work like dogs in return for supposedly making a fortune when the firm goes public. However, such firms often use multiple classes of shares that preserve the biggest gains for insiders, leaving the employees with common stock that can easily lose value. In particular, startups have taken to offering later-stage investors guarantees that they will get their money back, if either a subsequent funding round or an eventual initial public offering (IPO) values their shares at a lower price than they are paying. When firms have to pay out on such guarantees, they generally do so by issuing extra shares, which dilute other common shareholders such as their staff.
The tech industry offers fabulous rewards for a fortunate few: almost half of the world’s billionaires aged under 40 are tech types. It offers a wonderful life for many thousands more: they get to make serious money by turning science fiction into reality. But the industry is also rife with disappointments: endless toil that produces meagre returns; and dreams of reinventing the world that turn into just another tough and insecure job.
Sounds about right. It also sounds like the TV business, which, as Hunter Thompson once summed up, "is normally perceived as some kind of cruel and shallow money trench through the heart of the journalism industry, a long plastic hallway where thieves and pimps run free and good men die like dogs, for no good reason." Tech sometimes looks like that, too.
I've just spent a few minutes going through all my company's technology expenses to figure out which ones are subject to the completely daft rental tax that Chicago has extended to cover computing services. The City theorizes that rental tax is payable whenever you pay to use a piece of equipment that belongs to someone else for a period of time. This makes a lot of sense when you go to Hertz, but less when you use Microsoft Azure.
My understanding of the tax and the City's might not be completely orthogonal, but here are some examples of things that I've flagged for my company.
Salesforce.com: This clearly falls within the tax ruling. You pay for an online service that runs on someone else's computers. This is exactly what the city was after when they extended the rental tax.
Microsoft Azure: The tax only seems to cover Azure Compute fees, and specifically exempts Storage charges. So how are database hours taxed, then? With Azure, you pay for Database compute and storage together. Clearly Azure Storage is exempt, though. So now we've got a recordkeeping burden that Microsoft can't help us with yet. Great.
LinkedIn Professional: This may be subject to the tax, if you interpret the tax very broadly. But a LinkedIn subscription isn't so much for the use of its computers (which is free), but for enhanced features of the product that seem more like consulting services than compute time. I think we'll see some litigation over services like this one.
JetBrains ReSharper software license: This does not seem subject to the tax, because we're only paying for a license to run the software on our own computers.
Basically, the City is trying to raise revenue any way it can, but they don't have the technical wherewithal to understand why the tax as constituted makes no sense. Some people in my company feel this makes Chicago unattractive to business, but that's true only if you don't count the difficulty getting talented people to move away from all the city has to offer. It's a frustrating new tax, though, and one the City probably wouldn't have to impose if the rest of the state would pay for its share of the services that Chicago provides to it.
Last night, the GOP candidates for president debated technology a little, and they just had no idea what they were talking about—or they dissembled. Take your pick:
It’s not exactly clear what Trump means by “closing areas where we are at war with somebody,” and we’re not exactly sure Trump knows what he means, either. Our best guess is that he’s saying it’s possible for the US to shut down Internet access in countries like Syria. That’s problematic, not only because it would shut off millions of innocent people from the Internet, but also because the US simply doesn’t control the Internet in countries like Syria, and neither do US companies.
There were other missteps throughout the night, like Governor John Kasich’s claim that the San Bernardino shooters’ communications couldn’t be monitored “because their phone was encrypted.” He’s right that their phones contained encryption, but so does mine, and yours, and, in all likelihood, so does Kasich’s, because most smartphones today are encrypted.
And don't even get me started on that clown Fiorina...