A blog post from Ben Creet, Senior Issues Advisor at InternetNZ
16 May 2016
Why are mobile security updates so hard?
The US’s Federal Communication Commission (the FCC) has started to dig into mobile phone security updates. This is a really good thing, especially when it comes to Android.
The basic problem is that Android is everywhere, but google relies on the phone manufacturer’s and the telco’s to actually implement and distribute security updates. Basically, none of the phone manufacturer’s have good motives to give you phone updates - they want you to buy new phones. The result is that android is hugely fractured, with all sorts of versions of android still out there, unpatched and easily exploitable.
By comparison, 84% of iOS devices are using iOS 9. That’s because iOS updates come directly to you and it nudges you to update. That’s why it’s really cool to see the FCC take an interest in mobile phone updates. The FCC has asked wireless carriers (Telecommunications companies) and eight phone and tablet producers how security problems on their devices get fixed. It’s a great start and I really hope that we see some progress (mostly because I predicted that 2016 would be the year that Android updates got ‘fixed’ and I like being right).
Remember, phones aren’t phones anymore, they’re hand-held computers that you can call people on. To keep your information safe, phones and tablets should be regularly updated, which usually isn’t the case for Androids. In the meantime, if you want regular, speedy updates on Android, then you should get a Google Nexus phone (or root it yourself and install cynagenmod).
Americans deterred from saying controversial things online
The US Government’s National Technology and Information Administration (NTIA) released some really interesting survey results. It turns out that people’s lack of trust really does make them think twice, and even stop, doing things online. The survey has some predictable results around what people are concerned about (identity theft, fraud) and that households with more Internet-connected devices are more likely to experience a security breach (a larger threat surface increases risk).
But what really stood out to me was the results of what online activities American’s avoided due to privacy and security concerns. 29% of households concerned about government data collection said they did not express controversial or political opinions online due to privacy or security concerns. That is a pretty powerful chilling effect for a country with freedom of speech protected by the Constitution.
Skynet rolls one step closer
Robots are going to take people’s jobs. It’s a thing that comes up in the news every now and then. And with AI where it’s at, those jobs aren’t just manufacturing ones, they’re medical, legal, accounting, professional advice and other professions that rely on research, knowledge and analysis.
I’ve been wondering when it would start, and it seems that it already has. A US law firm has ‘hired’ an AI to be a part of its bankruptcy practice. AI Ross is an IBM creation and is built from Watson. It looks to be doing paralegal research and analysis, which is exactly what an AI is likely to excel at. It can comb libraries and select relevant case law at speed and will pick up on new case law and legal precedence as soon as they’re on the web and/or in the relevant libraries.
Yes, that chill going down your spine also went down mine. Truly, the cyberpunk dystopian future is now and I for one welcome our robot overlords.
Did I say overlords, I meant protectors! (Yes, that’s a reference to a Jonathan Coulton song)
- Chiron Beta Prime by Jonathan Coulton (for the lyric reference)
Kazakhstan goes after Mega’s customers files
When people talk about “the cloud”, they’re often talking about how the Internet blurs geographic distinctions, with good or bad consequences as a result. Of course “the cloud” is just a fancy term for other people’s computers. Down in New Zealand, it looks like those people and computers are mostly overseas, but that doesn’t have to be the case. New Zealand services hold data for and about people elsewhere, and that means we have to think hard about the legal and security issues of managing that data.
Mega is a NZ-based cloud platform. Last week, a New Zealand judge said they have to hand over customer details to a US court (IP addresses, email addresses, users' contact information, account and payment details). So far, so normal right? Reputable court systems deciding how information can be shared to settle disputes. The wrinkle here is that the data is sought by the government of Kazakhstan, which has an... interesting... human rights record (to be polite about it). While the immediate use of the data is to resolve a US civil case, the Kazakh government could also use this information to take other measures against people involved.
So an NZ court, forcing an NZ cloud provider to release information, might have human rights implications in Kazakhstan. That’s a big issue for how NZ approaches release of information, but it’s not one we’ve seen much discussion of. Here’s the Stuff story with more details on the Mega case:
What’s on our radar
- James is attending the Etherium unconference in Auckland on Tuesday
- InternetNZ’s first speaker series of the year is on soon - Death and the Internet will happen on 9 June. Get your (free) ticket here