Encryption is coming soon to Apple’s iCloud backups – which probably won’t please law enforcement in multiple countries. CC-licensed photo by Thomas Cloer on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 10 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.
Apple plans new encryption system to ward off hackers and protect iCloud data • WSJ
Robert McMillan, Joanna Stern and Dustin Volz:
»
Apple is planning to significantly expand its data-encryption practices, a step that is likely to create tensions with law enforcement and governments around the world as the company continues to build new privacy protections for millions of iPhone users.
The expanded end-to-end encryption system, an optional feature called Advanced Data Protection, would keep most data secure that’s stored in iCloud, an Apple service used by many of its users to store photos, back up their iPhones or save specific device data such as Notes and Messages. The data would be protected in the event that Apple is hacked , and it also wouldn’t be accessible to law enforcement, even with a warrant.
While Apple has drawn attention in the past for being unable to help agencies such as the Federal Bureau of Investigation access data on its encrypted iPhones, it has been able to provide much of the data stored in iCloud backups upon a valid legal request. Last year, it responded to thousands of such requests in the US, according to the company.
With these new security enhancements, Apple would no longer have the technical ability to comply with certain law-enforcement requests such as for iCloud backups—which could include iMessage chat logs and attachments and have been used in many investigations.
…Ciaran Martin, former chief of the UK’s National Cyber Security Centre, said the announcement by Apple could pose legal complications for the company in multiple democracies that in recent years have adopted or weighed restrictions on technology that can’t be responsive to law-enforcement demands.
“Things will only be clearer when further technical details are given,” Mr. Martin said. “But on the face of it, existing legislation in Australia and looming legislation in the UK would seem to give those governments the power to tell Apple in those countries effectively not to do this.”
«
Seems that Apple has given up its plan to scan images being uploaded for child sexual abuse material. Unclear when or if this will be extended to China.
unique link to this extract
Low-cost battery built with four times the capacity of lithium • The University of Sydney
»
Led by Dr Shenlong Zhao from the University’s School of Chemical and Biomolecular Engineering, the battery has been made using sodium-sulphur – a type of molten salt that can be processed from sea water – costing much less to produce than lithium-ion.
Although sodium-sulphur (Na-S) batteries have existed for more than half a century, they have been an inferior alternative and their widespread use has been limited by low energy capacity and short life cycles.
Using a simple pyrolysis process and carbon-based electrodes to improve the reactivity of sulphur and the reversibility of reactions between sulphur and sodium, the researchers’ battery has shaken off its formerly sluggish reputation, exhibiting super-high capacity and ultra-long life at room temperature.
The researchers say the Na-S battery is also a more energy dense and less toxic alternative to lithium-ion batteries, which, while used extensively in electronic devices and for energy storage, are expensive to manufacture and recycle.
Dr Zhao’s Na-S battery has been specifically designed to provide a high-performing solution for large renewable energy storage systems, such as electrical grids, while significantly reducing operational costs.
«
Sounds like it won’t be in your electric car in a hurry – seems to be for large-scale batteries. But that’s fine too: renewables are intermittent, and so you need a lot of storage across the network.
unique link to this extract
More creative than mere humans • Hey.com
David Heinemeier Hansson:
»
why would we assume that AI won’t actually be more creative than mere humans? AI chess and go competitors are in part so superior now because they’re capable of wild leaps of ingenuity that stump human players. Moves that would never have been considered by a mere human because of their out-of-norm “thinking”. In this domain, it’s the humans executing mechanical moves based on memorized patterns, the computers making novel inferences.
Why shouldn’t the same be true of AI generated novels, plays, or movies? What realm of creative production does not benefit from the out-of-the-norm inferences that computers have already proven they can make within the bounds of chess and go to great effect? Is what we call human creativity all that different from a large language model anyway? A distillation of observations, inputs, mimetic tendencies, and a wetware random generator?
It’s incredibly exciting that we just might soon find out. And the revelation will go straight to the heart of the ageless discussion of what it means to be human. What is consciousness. What is creativity. To even be able to imagine a horizon where these questions are answered, not just within our life time, but within the next decade? Amazing moment to be alive.
«
Though as he also points out, people have been forecasting AI dooooom or Our New AI Overlords for decades, consistently wrongly. Nobody knows anything, to quote a famous Hollywood exec.
unique link to this extract
Google faces a serious threat from ChatGPT • The Washington Post
Parmy Olson:
»
Google works by crawling billions of web pages, indexing that content and then ranking it in order of the most relevant answers. It then spits out a list of links to click through. ChatGPT offers something more tantalizing for harried internet users: a single answer based on its own search and synthesis of that information. ChatGPT has been trained on millions of websites to glean not only the skill of holding a humanlike conversation, but information itself, so long as it was published on the internet before late 2021 [when its data model was completed].
I went through my own Google search history over the past month and put 18 of my Google queries into ChatGPT, cataloguing the answers. I then went back and ran the queries through Google once more, to refresh my memory. The end result was, in my judgment, that ChapGPT’s answer was more useful than Google’s in 13 out of the 18 examples.
“Useful” is of course subjective. What do I mean by the term? In this case, answers that were clear and comprehensive. A query about whether condensed milk or evaporated milk was better for pumpkin pie during Thanksgiving sparked a detailed (if slightly verbose) answer from ChatGPT that explained how condensed milk would lead to a sweeter pie. (Naturally, that was superior.) Google mainly provided a list of links to recipes I’d have to click around, with no clear answer.
«
I’m a big admirer of Parmy’s work, but I think she’s got it wrong here. (The first response I get from DuckDuckGo tells me the answer to her evaporated/condensed question.) ChatGPT is not authoritative. It might be right, or it might be quite wrong because it generates answers based on what it calculates comes next, statistically speaking. That’s always how large language models (LLMs) will be. The problem we face now is that search engines will be poisoned with LLM-generated content which might or might not be right. Perhaps the next Google will be one which ranks content by its accuracy.
unique link to this extract
Which? claims banks are leaving customers wide open to spoofing fraud • Finextra
»
Scammers will forge the name or number that comes up on an email, phone call or text message so that it appears to match that of a genuine firm, making it difficult for victims to realise that it is a fraudster.
To make it harder for fraudsters to impersonate them, companies can sign up to regulator Ofcom’s ‘Do Not Originate’ (DNO) list, a shared resource with telecoms providers to help them identify and block calls from numbers that are most likely to be spoofed. The DNO list makes a record of telephone numbers used by genuine firms or agencies to receive calls but never make them.
To test how effective banks were at protecting their customers, Which? made calls to a test phone, spoofing the prominent numbers of 14 current account providers. The firms’ numbers were chosen if they were the ones printed on the back of debit cards or listed as fraud helplines on their websites.
The consumer champion found that at least six major banks and building societies have failed to make full use of the DNO list. At least one phone number from HSBC, Lloyds, Santander, TSB, Nationwide and Virgin Money was successfully spoofed, leaving customers of those firms potentially at risk.
The investigation comes as the Metropolitan Police last week contacted 70,000 scam victims by text message to inform them they had probably been targeted by fraudsters.
«
Amazingly crap of the banks not to have acted on this. Arguably, if you suffered losses from this sort of bank fraud and the bank involved didn’t put its number on the DNO list, you could say that the bank was negligent.
unique link to this extract
The complexity of building seemingly simple lists • Anchor Change
Katie Harbath:
»
It’s 2012, and I’ve been at Facebook for just over a year. My job is working with Republican candidates and officials to create and use Facebook pages to connect with voters. One day I get a call from someone on the Obama digital team. The President’s page had been taken down. My colleague Adam, who worked with the Democrats, was on vacation. They were in a panic and wanted help figuring out what happened.
The early engineering culture at Facebook was where engineers could quickly build and push code. Turns out, one enterprising person had decided to build a list of profane words and decided that if any page had those words in their title or the about section, they should be removed. One of the words on that list was “dick.” The President’s team had listed on his page that his favorite book was Moby Dick, and that’s why the page came down.
We got it back up pretty quickly, but we also realized we needed a way to ensure the President of the United States’ page could be protected from mayhem like this. So we figured something out.
While this isn’t the exact moment that the system now known as cross-check was created, it is one of the earliest examples of why we needed it. Little did I know how this would grow in complexity over the years.
«
Harbath used to work on preventing election interference at Facebook. This is her response to the Oversight Board’s findings on the “VIP lane” for certain Facebook users. Useful to hear how hard it is from someone who was on the inside. The whole episode, and process, also applies to social media companies offering short-form content which needs moderation. (I spoke to Harbath for the paperback edition of Social Warming.)
unique link to this extract
Study: UK could run out of trained EV mechanics by 2027 without green skills drive • BusinessGreen News
Cecilia Keating:
»
A shortage of qualified electric vehicle (EV) mechanics could stall the UK’s transition to a more sustainable economy, new research has warned.
Think tank the Social Market Foundation (SMF) warned that the number of EVs on British roads is set to exceed the capabilities of the country’s EV mechanics workforce as soon as 2027. By the end of this decade, it projects the country could face a shortfall of 25,000 mechanics trained to service and repair EVs.
The SMF said the skills shortfall could drive up the cost of repairs, resulting in EVs being poorly maintained, and decrease the attractiveness of EVs for those yet to make the switch.
“Britain is in real danger of running short of the skilled mechanics and technicians needed to keep EVs on the roads,” said Amy Norman, senior researcher at the SMF. “More needs to be done to ensure more workers are getting the skills and training needed to keep Britain on the road to net zero.”
The SMF is calling on the government to take action that will prepare the UK workforce for the EV transition, noting that skills required for EV maintenance are significantly different to those required to maintain internal combustion engines.
«
Currently there’s a 5x surplus of EV techs, the SMF says. The report itself shows that a lot of existing mechanics don’t like the idea of retraining: they don’t think it would be “working with their hands”. This is a classic reactionary British attitude.
unique link to this extract
Samsung’s Android app-signing key has leaked and is being used to sign malware • Ars Technica
Ron Amadeo:
»
A developer’s cryptographic signing key is one of the major linchpins of Android security. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you’re installing. The matching keys ensure the update actually comes from the company that originally made your app and isn’t some malicious hijacking plot. If a developer’s signing key got leaked, anyone could distribute malicious app updates and Android would happily install them, thinking they are legit.
On Android, the app-updating process isn’t just for apps downloaded from an app store, you can also update bundled-in system apps made by Google, your device manufacturer, and any other bundled apps. While downloaded apps have a strict set of permissions and controls, bundled-in Android system apps have access to much more powerful and invasive permissions and aren’t subject to the usual Play Store limitations (this is why Facebook always pays to be a bundled app). If a third-party developer ever lost their signing key, it would be bad. If an Android OEM ever lost their system app signing key, it would be really, really bad.
Guess what has happened! Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware.
«
Samsung, LG and Mediatek. Yet it turns out the Samsung key is six years old. The story gets very weird.
unique link to this extract
Tim Cook says Apple will use chips built in the US at Arizona factory • CNBC
Kif Leswing:
»
The plants will be capable of manufacturing the 4-nanometer and 3-nanometer chips that are used for advanced processors such as Apple’s A-series and M-series and Nvidia’s graphics processors.
…TSMC currently does most of its manufacturing in Taiwan, which has raised questions from US and European lawmakers about securing supply in the potential event of a Chinese invasion or other regional issues. Chip companies such as Nvidia and Apple design their own chips but outsource the manufacturing to companies like TSMC and Samsung Foundry.
The factories in Arizona will be partially subsidized by the US government. Earlier this year, Biden signed the CHIPS and Science Act into law, which includes billions of dollars in incentives for companies that build chip manufacturing capabilities on US soil.
TSMC said on Tuesday that it would spend $40bn on the two Arizona plants. The first plant in Phoenix is expected to produce chips by 2024. The second plant will open in 2026, according to the Biden administration. The TSMC plants will produce 600,000 wafers per year when fully operational, which is enough to meet US annual demand, according to the National Economic Council.
The US plants will be a small fraction of TSMC’s total capacity, which produced 12 million wafers in 2020. AMD CEO Lisa Su said in remarks on Tuesday that AMD plans to be a significant user of the TSMC Arizona fabs.
«
OK, only a small fraction, but sounds great, doesn’t it? Now read on.
unique link to this extract
TSMC’s Arizona chip plant, awaiting Biden visit, faces birth pains • WSJ
Yang Jie:
»
High costs, lack of trained personnel and unexpected construction snags are among the issues cited by Taiwan Semiconductor Manufacturing Co. (TSMC) as it rushes to get the north Phoenix factory ready to start production in December 2023.
“A range of construction costs and project uncertainty in Phoenix makes building the same advanced logic wafer fab in Taiwan considerably less capital intensive,” TSMC said in a letter last month to the Commerce Department.
“The real barrier” to setting up manufacturing in the US “is comparative cost to build and operate,” it said.
…TSMC executives have said it isn’t easy to recreate in America the manufacturing ecosystem they have built over decades in Taiwan, drawing on local engineering talent and a network of suppliers including many in East Asia. [TSMC founder Morris] Chang said the cost of making chips in Arizona may be at least 50% higher than in Taiwan.
The company’s letter to the Commerce Department, in which it responded to the department’s request for public comments about US chip-subsidy programs, was frank in listing the problems that have emerged during the Arizona construction.
It named six, including federal regulatory requirements, “unexpected work developments” during construction and additional site preparation, all of which it said raised costs.
«
Ben Thompson pointed to this article, along with some other details, as reasons why the Arizona plants are more window dressing than strategic rebalancing: the chips will be on older processes, cost more, be made in smaller volume.
unique link to this extract
| • Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Read Social Warming, my latest book, and find answers – and more. |
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 