07/15/2019

#45 – There is no Buy, Only Rent.

#45 – There is no Buy, Only Rent.

If Apple shuts down iTunes, what happens to your downloads? Digital right management (DRM) services like iTunes provide quick, easy access to music, movies, and more. At the same time, they raise questions about who actually owns downloaded content.

The Grepcast team recently discussed DRM services, along with the use of aggression detectors and other technology topics. Read our podcast transcript below to find out what the Grepcast team has to say about these topics and more.  

GREPCAST #45 — There Is No Buy, Only Rent.

Adam Fisk: In Grepcasts previous, we’ve discussed the weird surveillance state that is public schools in the United States these days. And it has gotten weirder. But before we jump into the “1984” future that is U.S. schooling, Mike, you found an interesting thing about schooling in the UK.

Michael Oh: I was doing an interesting thing where I was doing a workshop around engineering for primary school kids. And one of the schools I was teaching in told us they were going to spend a few minutes with the kids. What we found out was that the teachers had found that the kids were not treating each other well online. I thought that we’ve certainly talked about the negative part of surveillance. But there is a positive aspect. They did use this as an opportunity to educate and hopefully keep people from becoming online trolls and bullies by being more respectful. So, there is a silver lining on this cloud. I’m just not sure what we give up by having all social media monitored.

AF: Immediately, we focus on the darker center of this cloud. This piece is coming from a collaboration between Wired and ProPublica, and the article is named, “Aggression Detectors: The Unproven, Invasive Surveillance Technology Schools Are Using to Monitor Students.” This is written by Jack Gillum and Jeff Kao, and it goes through this fringe technology of having microphones in classrooms at schools, with the sole purpose of trying to detect aggression, stress, and anger. The intro line to this article says, “In response to mass shootings, some hospitals are installing microphones equipped with algorithms to help identify anger before violence erupts. Our testing shows that they are less than reliable.”

Kelly Ford: Once again, we have a company that is exploiting fears and school shootings, which is shocking to no one.

AF: This is coming from a company called Thoreau Electronics, which has been doing this since 2015. Algorithms are very interesting things. We’ve talked about all of the things that algorithms can do, but also the things they cannot do.

KF: This is not about safety. This is about commerce. All these things are. If you pay attention to the world and news, even people who aren’t antagonistic or aggressive are shot and killed. So, it seems like just another way to get technology into schools and make money. According to the article, this is a $2.7 billion market. So, of course, they are going to market to schools and hospitals.

MO: The interesting thing about this product is when you look at the article, you see this device that looks like a smoke detector. But if you read the text, a large percentage of the devices used for this type of surveillance are security cameras made by Axis Communications. One of the key takeaways is that you can see a camera in a classroom or hallway and just assume it is there for video. But every camera that Axis has sold for many years has audio capabilities. Whether or not it’s recording or piping that to detect aggression is just a flick of a switch. So, it not only goes to surveillance, but also to this technology that has become so pervasive and enabled. Security cameras have been rolled out for a number of reasons, and companies are now starting to monetize this audio stream. And then, they’re trying to process [the audio] to figure out who is aggressive or not. This is the worst version of what we had seen in the previous Grepcasts. Some of the previous examples were at least somewhat defensible. But this one is just horrible.

AF: The article does go on to Sound Intelligence CEO Derek van der Vorst who goes into the company’s pedigree and its testing of similar technologies and how it was able to correlate between the sound it picked up and actual police reports. What it does say that was interesting is, “When asked whether these algorithms could prevent a mass shooting, van der Vorst said, ‘I wouldn’t claim that we can prevent a crazy looney from shooting people.'” But he goes on to say the software is so complex, but if you use the algorithm and build it in a few bars in Europe and try to use it in an American school, it’s not going to work. They’re completely different things. It creates “layers on layers of problems.”

KF: Going back to things like bullying, they should put that money toward TAs instead where there is more human interaction. I just don’t see how this software is going to be good for us in the long run instead of hiring more teachers and hiring more help for teachers. The funny thing was that what got the aggression detector to go off was ordering pizza. Of course, if kids order pizza, they’re going to get really excited. It’s just another bad piece of technology that’s out on the market. All of this feels really exploitative and playing on fears in a really overwhelmed marketplace.

MO: I don’t think that the people that are actually going to act aggressively are the ones that are going to get detected by this stuff. Kids that act out and are verbal have things that a teacher can work with. It’s the ones that don’t verbalize and sit there and fume inside. To me, this is solving the wrong problem. It’s a waste of money. With all this stuff, how can you possibly think this is right?

KF: They said even the Parkland shooter was one of those kids who would not have been picked up on an aggression detector or any of this software. There was a good example here about The Valley Hospital in Ridgewood, New Jersey. So, they decided to phase out their detector after three years. They had a $22,000 pilot, but the system didn’t work as it should. They had an example of an incident where the detector should have picked up [aggression] but it didn’t detect anything at all. It didn’t work in an incident where it should have, which could have been the use case.

AF: Moving to other things — I have no good segue — cell phone security is a trash fire. In an article on Engadget written by Violet Blue called, “How a trivial cell phone hack is ruining lives.” This was just a crash course in terror and worst-case scenarios for everything I’ve ever read about person cyber security and all of these things. This article goes through and discusses how SIM hacking and SIM cloning is ruining everything because every service you have needs your phone number.

MO: I think calling it SIM hacking and SIM cloning makes it seem like a really hard thing to do. The way they explain this is it’s sort of a social hack. They’re calling up your wireless provider and get key pieces of personal data to make it seem like they are you. Then, they say they got a new phone. So, they are hacking in terms of hacking the system. But the phone company is saying that they have a new phone that someone just bought, and then they switch the number over. As soon as the number is on that phone, there’s this cascading effect. Someone can get into your Google account, and then can hack into any other number of accounts, and they can cause hundreds of thousands of dollars in wire theft.

AF: The intro of this article talks about Sean Coonce, who was a victim of one of these attacks. The best part of this is that it’s so normal. [Coonce’s] phone wasn’t working one night, and he went to bed. Then, he woke up the next day and was locked out of every account that he ever had and was out $25,000, all because he thought phones are weird sometimes.

KF: I could see this happening to so many of us, so easily. It’s a little bit terrifying.

MO: It’s terrifying. But one thing they talked about was using third-party vault systems or password management systems. The alternative is that people click on “Yes” in Google Chrome when it asks them to save their password in the Google Chrome password vault. The interesting thing about that is once someone gets access to your Google account, because of this phone number switch, they can validate that they are this person and can reset the Google account’s password. Then, their passwords are stored in the Google Vault. Whereas if you store your passwords in something like in 1Password or LastPass, getting access to the Google account doesn’t give you access to all of the other passwords.

AF: It’s going back to convenience versus security. If someone uses the Google ecosystem for everything, it feels like a no-brainer. But if you get phished once, and you’re a walking target.

KF: But how long until 1Password or LastPass gets breached?

AF: There was a major “issue” with 1Password five or six years ago before 1Password changed to its software-as-a-service model. You would have a vault that would be stored locally in your machine. But if you had two machines and wanted to sync your vault with iCloud or Dropbox, there was an issue where your vault could be opened as plain text. They slightly had this issue already. But now, 1Password is a lot bigger. And they have a cloud that hosts all of your stuff on their things.

MO: It’s not necessarily that they are unhackable. I think one thing we’ve learned is that nothing is unhackable. But the key here is that you keep things in separate buckets. And that means that you can’t just — as a hacker — get from one bucket to another without some effort. It’s the fact that it’s a non-zero effort to go from a Google bucket to a 1Password bucket. Each hurdle in that is resistance for [hackers] to do that. What you see in this article is that if you do things purely based on convenience and eliminate all of those barriers, when [a hacker] gets into your Google account, they pretty much have access to everything. So, that seems to be the way to avoid it. Nothing’s unhackable, but you just need to keep things in as many buckets as possible.

KF: I think it’s funny that we’re coming back to square one on this. When we all started on the computer back in the day, it was, “Don’t write down your passwords.” Now, in this article, [Coonce] said, “I’ll probably never store my password anywhere, but I’ll write it down.” We’re just in that stage where it’s more trouble for someone to break in and steal your password than it is to break in to your digital world and steal everything. It’s so much easier to steal digitally. I think that’s an interesting place where we’ve arrived.

AF: It’s also understanding what your personal threat matrix is. If you’re somebody who is a high-profile person, then maybe email is a no-no, and you have locks on doors and security systems. Versus, a “normal” person, who may use LastPass as a system that’s great for you. I will say, luckily, all of our cell phone carriers have created a quick how-to on how to protect your identity. This comes to us from AT&T, and it has some really good suggestions such as “don’t share your phone number” and “keep your inbox clean.” Because these are things that will really help us.

MO: Unfortunately, the published articles by AT&T and T-Mobile don’t seem to solve these issues. But there are processes that these companies have in place to add further security. The biggest tip that I pull away from this is that as much as you hate calling your mobile phone company, call them and ask them how to best secure your account so that somebody else will not be able to get it. Different companies have different policies, and it gets down to remembering more passwords. But going through some effort to lock down your cell phone data so it can’t be transferred to another device seems to be a really good starting point for enhancing your cyber security.

AF: Also, one thing in this article that’s really cool for me: every single customer’s PIN number for AT&T or T-Mobile was leaked in late 2018. So, if you have a PIN for AT&T or T-Mobile, give them a call and change it. Because every single person has been affected.

So, another exciting entry into the year 2019: I’ve got some bad news. We don’t own anything anymore, and we’re essentially leasing and renting all of our junk. This comes on the heels of Microsoft shutting down its ebooks store because it’s getting rid of a digital rights management (DRM) server.

MO: Well, who used the Microsoft ebooks store? The fact is, the thing that tipped us off on this interesting news is that the service was shut down, and it only ran on the Edge browser, which can only be installed on Windows 10. It’s now one of the reasons I’m going to purchase my music on vinyl.

AF: It really brings into stark contrast how everybody has started to move toward digital downloads. But it’s all predicated on the assumption that the company you purchased from will continue to exist, or that if the company shuts down, it will give you the raw license.

MO: It’s basically a race between how long is it going to take for a service that is renting content to fall over and die or you falling over and dying. But it seems like the services are falling over faster than the people.

AF: It seems like every eight months, there is a new company that is all about streaming service A, B, and C. I’m sorry that was excited about our past episodes about cord-cutting, but the streaming wars are here, and every single person has their own streaming service that you have to pay for. You hear about them starting, and then you wait. There are two really good articles that discuss this: one from Motherboard written by Karl Bode, and another written by Brian Barrett for Wired. They both go into the idea of DRM and how it’s the worst thing because it’s being pushed into everything now.

KF: What would that look like? What is the DRM for a car or fridge?

MO: It’s all these little pieces of technology that end up permeating. DRM was sold to us as a thing that keeps people from pirating stuff. But that also gives centralized control over whether you can actually use it. So, it means the use of content can be yanked away if the service shuts down. So, it seems ludicrous for a car to have DRM-like features. But there are examples where this has gone from media into physical objects. Like the Keurig coffee machines where they were putting DRM on K-cups so that you couldn’t use a cloned version because you had to buy their particular ones for it to be used. This quickly got smashed to smithereens by people being up in arms. But there are other subtle ways. From a manufacturer’s standpoint, there are a lot of things that they want to control. There is a lot of centralized control that has benefits. But they can very easily disable something if they feel like doing so. And what are your rights and their rights if they do that? I don’t think anyone’s really tested that.

KF: If Amazon were to do this, then I think we’ll see what can really happen, and I think it’ll end up being a litigation matter.

AF: I think a lot of people are starting to get spooked about this. I think there are rumblings of this happening. Like if Apple announced that iTunes was dead, then people would wonder, “Hey, what about all of my stuff?” Apple is one of the biggest DRM dealers in the market right now, because you have iTunes, Apple TV, and iBooks. Every single market that they have is predicated on DRM. So, for the majority of the people in that ecosystem, they probably have a lot of stuff.

MO: If there is a zombie apocalypse, you won’t be able to download and access stuff, since the DRM would be able to access the server. You’ll have to go to the bookstore and get a book, and that’s the only way you’ll be able to read anything.

AF: There’s too much human hands on these things, and then you have the ability for bad actors. One of the largest video game marketplaces is Steam, which is run by Valve. People have paid hundreds of dollars to purchase games because they like the ecosystem. But all it takes is you being an asshole once on a public forum, and you could be banned, which would mean that you’d be locked out of hundreds of dollars of content, with no potential recourse to retain that. I know there have been questions in Europe about what it means to have ownership. So, I’m very interested in if this Microsoft stuff does trickle down into something bigger. So, get a library card, and there are some wonderful apps that allow you to download ebooks and movies because you are a card-carrying member of your library.

Have an idea for a Grepcast episode? We’d love to hear from you! Contact the Grepcast team via email at grepcast@tsp.me.

Links and Extra Reading

Aggression Detectors: The Unproven, Invasive Surveillance Technology Schools Are Using to Monitor Students

How a trivial cell phone hack is ruining lives

MICROSOFT’S EBOOK APOCALYPSE SHOWS THE DARK SIDE OF DRM

Microsoft Ebooks Will Stop Working Because It’s Shutting Down a DRM Server