Start Up No.1611: Apple responds on CSAM scanning concerns, Time Turning with RFID (sorta), the UK’s Theranos, and more

Modern fuel cars have up to 150 engine control units (ECUs) – so they’re now struggling for parts. (EVs need fewer. Just saying.) CC-licensed photo by 3ndymion on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Told you it was warm. I’m @charlesarthur on Twitter. Observations and links welcome.

Global warming? But what about Social Warming, my latest book?

Why the latest IPCC report is my climate tipping point • The Atlantic

Helen Lewis:


I no longer feel like the dog in the cartoon, insisting that “this is fine.” This isn’t fine. We have messed up quite badly, for some noble reasons, such as lifting people out of poverty, and some less noble ones, such as enriching the shareholders of fossil-fuel companies. But the same ingenuity that got humanity here, the ingenuity that created the internal-combustion engine and the airplane and the power station and the megafarm, is what can save us.

The impulse to procrastinate is understandable. Anyone who has written a book or cleaned out a garage will know the feeling: Simply by beginning such a project, you have committed yourself to an enormous amount of time and labor, so it’s easier not to start at all. That’s where politicians come in. Individual changes are no substitute for political action. Through subsidies and taxes, governments need to make the greenest option also the easiest one to take. Again, the surprise of the pandemic has been the high levels of compliance with shutdowns and mask mandates, despite isolated instances of rebellion making the news. The coronavirus didn’t cause looting. Society didn’t break down. In the face of existential threats, most of us are cooperative, kind, and resilient. Those qualities are what propelled a bunch of apes through an evolutionary journey that led to humans reaching the moon, splitting the atom, and creating RuPaul’s Drag Race.

The first thing to do is let the fear in, without letting it paralyze us.


Though, equally, at the individual level we have effectively no power; it requires those in charge to make decisions that change the game. Back nuclear power. Make coal-powered power stations financially calamitous to their owners. Fund carbon capture/removal technologies at every scale. (Trees are good, but we need something much more dramatic.)
unique link to this extract

Latest climate change report just heartfelt farewell letter telling humanity to remember the good times • The Onion


Cautioning readers to avoid dwelling on the negative, the latest report published Monday by the U.N.’s Intergovernmental Panel on Climate Change was just a heartfelt letter telling humanity to remember the good times.

“Look, regardless of what happens next, it’s been a great 300,000 years for our species,” read the assessment in part, adding that it would be a shame if the prospect of continual cataclysmic storms and unbreathable air overshadowed Homo sapiens’ many high points, such as the development of spoken language, stone tools, and agriculture.

“After studying all the data on ozone levels and the rate of melting permafrost, we found that you shouldn’t harp on that and instead focus on stuff like the Renaissance and the invention of irrigation or ice cream, you know, the halcyon times. Despite what our projections state, humanity will always be alive as long as we keep it in our hearts.”

The report concluded by imploring global citizens to take immediate action by sharing one fond memory from our epoch.


Like a stiletto slipped in between the third and fourth rib.
unique link to this extract

Apple’s mistake • Stratechery

Ben Thompson:


I am not anti-encryption, and am in fact very much against mandated backdoors. Every user should have the capability to lock down their devices and their communications; bad actors surely will. At the same time, it’s fair to argue about defaults and the easiest path for users: I think the iPhone being fundamentally secure and iCloud backups being subject to the law is a reasonable compromise.

Apple’s choices in this case, though, go in the opposite direction: instead of adding CSAM-scanning to iCloud Photos in the cloud that they own and operate, Apple is compromising the phone that you and I own-and-operate, without any of us having a say in the matter. Yes, you can turn off iCloud Photos to disable Apple’s scanning, but that is a policy decision; the capability to reach into a user’s phone now exists, and there is nothing an iPhone user can do to get rid of it.

A far better solution to the “Flickr problem” I started with [that Apple is underrepresented in reports of people holding or sending child sex abuse material] is to recognize that the proper point of comparison is not the iPhone and Facebook, but rather Facebook and iCloud.

One’s device ought be one’s property, with all of the expectations of ownership and privacy that entails; cloud services, meanwhile, are the property of their owners as well, with all of the expectations of societal responsibility and law-abiding which that entails. It’s truly disappointing that Apple got so hung up on its particular vision of privacy that it ended up betraying the fulcrum of user control: being able to trust that your device is truly yours.


I disagree, but he makes the best case possible. The reality is that the phone and the backup are effectively inseparable – the phone is the vessel for the backup – unless you limit yourself to local iTunes backups (in which case you’re not using iCloud Photo Library, which case the scanning doesn’t affect you).
unique link to this extract

Expanded protections for children: Frequently Asked Questions • Apple


Can the CSAM detection system in iCloud Photos be used to detect things other than CSAM?

Our process is designed to prevent that from happening. CSAM detection for iCloud Photos is built so that the system only works with CSAM image hashes provided by NCMEC and other child safety organizations. This set of image hashes is based on images acquired and validated to be CSAM by child safety organizations. There is no automated reporting to law enforcement, and Apple conducts human review before making a report to NCMEC. As a result, the system is only designed to report photos that are known CSAM in iCloud Photos. In most countries, including the United States, simply possessing these images is a crime and Apple is obligated to report any instances we learn of to the appropriate authorities.

Could governments force Apple to add non-CSAM images to the hash list?

Apple will refuse any such demands. Apple’s CSAM detection capability is built solely to detect known CSAM images stored in iCloud Photos that have been identified by experts at NCMEC and other child safety groups. We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future. Let us be clear, this technology is limited to detecting CSAM stored in iCloud and we will not accede to any government’s request to expand it. Furthermore, Apple conducts human review before making a report to NCMEC. In a case where the system flags photos that do not match known CSAM images, the account would not be disabled and no report would be filed to NCMEC.

Can non-CSAM images be “injected” into the system to flag accounts for things other than CSAM?

Our process is designed to prevent that from happening. The set of image hashes used for matching are from known, existing images of CSAM that have been acquired and validated by child safety organizations. Apple does not add to the set of known CSAM image hashes.


Emphasis added in the second answer. (I think it might be a reference to the FBI/San Bernadino kerfuffle.) Apple clearly sees this as a bit of an antenna-gate, but not quite big enough to actually brief humans about it.

unique link to this extract

#DEFCON: Hacking RFID attendance systems with a Time Turner • Infosecurity Magazine

Sean Michael Kerner :


If a computer science student has a scheduling conflict and wants to attend two different classes that occur at the same time, what should that student do?

In a session at the DEF CON 29 conference on August 7, Ph.D. student Vivek Nair outlined a scenario where a hack of the attendance system could, in fact, enable him, or anyone else, to be in two places at the same time. Nair explained that many schools use an RFID-based attendance system known as an iClicker to track whether or not a student is present. The system includes a base station for each classroom or lecture hall, and then each student is required to carry a device, which can also be used to answer multiple-choice questions.

Nair noted that in the popular Harry Potter fiction series there is a magical device known as a Time Turner, which is used to help enable a student to be in two classes at the same time, via time travel.

“Without the luxury of magic, what is the next best thing?” Nair asked. “It is, of course, hacking.”


Well, hacking is after all a sort of magic.
unique link to this extract

How software is eating the car • IEEE Spectrum

Robert Charette:


“Once, software was a part of the car. Now, software determines the value of a car,” notes Manfred Broy, emeritus professor of informatics at Technical University, Munich and a leading expert on software in automobiles. “The success of a car depends on its software much more than the mechanical side.” Nearly all vehicle innovations by auto manufacturers, or original equipment manufacturers (OEMs) as they are called by industry insiders, are now tied to software, he says.

Ten years ago, only premium cars contained 100 microprocessor-based electronic control units (ECUs) networked throughout the body of a car, executing 100 million lines of code or more. Today, high-end cars like the BMW 7-series with advanced technology like advanced driver-assist systems (ADAS) may contain 150 ECUs or more, while pick-up trucks like Ford’s F-150 top 150 million lines of code. Even low-end vehicles are quickly approaching 100 ECUs and 100 million of lines of code as more features that were once considered luxury options, such as adaptive cruise control and automatic emergency braking, are becoming standard.

Additional safety features that have been mandated since 2010 like electronic stability control,backup cameras, and automatic emergency calling (eCall) in the EU, as well as more stringent emission standards that ICE vehicles can only meet using yet more innovative electronics and software, have further driven ECU and software proliferation.

Consulting firm Deloitte Touche Tohmatsu Limited estimates that as of 2017, some 40% of the cost of a new car can be attributed to semiconductor-based electronic systems, a cost doubling since 2007.


150 ECUs is a lot of ECUs, isn’t it. Apparently EVs use about one-third as many as internal combustion engines – providing another incentive, you’d think, for carmakers to shift.
unique link to this extract

Doximity, social network for doctors, full of antivax disinformation • CNBC

Ari Levy:


Doximity, which has long described itself as LinkedIn for doctors, held its stock market debut in June and rocketed up to a $10 billion market cap. In its IPO prospectus, the company said it had 1.8 million members, including 80% of physicians across the U.S. They use the site to connect with one another, share research, stay informed on industry trends and securely communicate with patients.

Malarik, who worked in psychiatry for over two decades, said it’s baffling to peruse Doximity’s site and find the type of misinformation that he expects to see on Facebook and YouTube, where conspiracy theories run rampant.

Malarik read directly from several comments posted by people with the initials M.D. or D.O., which indicates doctor of osteopathic medicine, after their names. There’s no anonymity on the site, so everyone is identified. In the posts, they refer to the vaccines as experimental, unproven or deadly and occasionally write “Fauxi” when talking about Dr. Anthony Fauci, the White House chief medical advisor.

Some commenters say that antibodies from contracting Covid are more effective than the messenger RNA, or mRNA, vaccines, which instruct human cells to make specific proteins that produce an immune response to the disease.


So little knowledge, so much internet.
unique link to this extract

Bad blood: a cautionary tale of the start-up that promised too much • The Sunday Times Magazine

Sara McCorquodale:


TLT had developed a futuristic Apple Watch-style device that claimed to measure “beat to beat” blood pressure in real time. It didn’t need to know your gender, your weight or your medical history. It just strapped on and gave you an instant, accurate flow of Fitbit-like data to an app on your phone. Two years of setbacks, delays and bust-ups with Sandeep and Nita Shah, the company’s founders, did not change the fact that this was the holy grail of healthcare.

The market size was enormous and the potential impact profound. Hypertension — the bane of 1.13 billion people globally — would lose its chilling nickname, “the silent killer” and it was all thanks to the Shahs’ revolutionary, closely guarded algorithm. Many companies with astronomical budgets had tried to measure blood pressure non-invasively in real time and failed. The idea that a couple from Hertfordshire had managed to crack it with a clever algorithm made their story all the more compelling and Pearce was not the only one to be convinced. The government had endorsed the company, putting Sandeep in front of potential investors at the British Business Embassy, and the device had won awards for innovation. Since Pearce had joined the company there had been meetings with tech giants, including Apple in London and Palo Alto.

…The Department for International Trade — then known as UK Trade and Investment — invited Sandeep to present TLT at the British Business Embassy as part of the celebrations around the London Olympics. During his talk, Sandeep claimed that the Sapphire was a “cuffless system” that could take a blood pressure reading anywhere on the body and that it would enter the market within the next 12 months. Watching from Minneapolis, Borgos was rolling his eyes. “There’s no way the sensor we had could have morphed into that,” he says. “I spent some time investigating non-invasive blood pressure, but it always involves the artery because that’s the pressure you’re measuring.”


The UK’s own little Theranos – though with a sadder ending: Sandeep Shah was found dead at his home last September.
unique link to this extract

Google considered buying ‘some or all’ of Epic during Fortnite clash, court documents say • The Verge

Adi Robertson:


Google considered buying Epic Games as the companies sparred over Epic’s Fortnite Android app, according to newly unsealed court filings. Last night, Google lifted some of its redactions in Epic’s antitrust complaint against Google, which Epic amended and refiled last month. The complaint still omits many details about Google’s dealings with specific companies, but the new details reflect internal Google communications about competition on the Android platform.

Epic claims Google was threatened by its plans to sidestep Google’s official Play Store commission by distributing Fortnite through other channels, and in an unredacted segment, it quotes an internal Google document calling Epic’s plans a “contagion” threatening Google. Here’s Epic’s description of the situation:

Google has gone so far as to share its monopoly profits with business partners to secure their agreement to fence out competition, has developed a series of internal projects to address the “contagion” it perceived from efforts by Epic and others to offer consumers and developers competitive alternatives, and has even contemplated buying some or all of Epic to squelch this threat.

The internal messages discussing that possibility remain secret, and the complaint doesn’t indicate that Google ever reached out to Epic with these plans. It also doesn’t give a timeframe for the discussion — although it presumably happened after Epic started its plans to launch Fortnite on Android in 2018. In a tweet after this article’s publication, Epic CEO Tim Sweeney said the plan “was unbeknownst to us at the time.”


Buying Epic could have been a good move in its own right, though. If Google could have kept up sufficient interest in the company, and if Epic had been able to retain its cohesion.
unique link to this extract

Divergent Association Task


The Divergent Association Task measures verbal creativity in under 4 minutes.

It involves thinking of unrelated ideas. People who are more creative tend to think of ideas with greater “distances” between them.

We recommend that you take the test before you learn more about it. You can also read our open-access manuscript in Proceedings of the National Academy of Sciences.


And here’s where you take the test.
unique link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.