TIME Innovation

Five Best Ideas of the Day: August 4

1. Making the punishment fit the crime: A better way of calculating fines for the bad acts of big banks.

By Cathy O’Neil in Mathbabe

2. Lessons we can share: How three African countries made incredible progress in the fight against AIDS.

By Tina Rosenberg in the New York Times

3. Creative artists are turning to big data for inspiration — and a new window on our world.

By Charlie McCann in Prospect

4. We must give the sharing economy an opportunity to show its real potential.

By R.J. Lehmann in Reason

5. Technology investing has a gender problem, and it’s holding back innovation.

By Issie Lapowsky in Wired

The Aspen Institute is an educational and policy studies organization based in Washington, D.C.

TIME Data

Meet the Man Who Turned NYC Into His Own Lab

Steven Koonin, under secretary for science at the U.S. Department of Energy, listens during the 2011 CERAWEEK conference in Houston on March 11, 2011. Bloomberg—Bloomberg via Getty Images

Using big data to make a difference

In the mornings, Steven Koonin often dons a light blue shirt and khaki suit jacket, walks out of his apartment above Manhattan’s chic Washington Square Park and heads for the subway. As he beelines down the sidewalk, the West Village buildings burp up black clouds of smoke as their boilers fire up. At Sixth Avenue, an express bus screeches to the curb and blocks the pedestrian crosswalk. And as Koonin sits in the subway, he notices some of the signs are badly placed. “Can we fix this?” he wonders. He gets off at Brooklyn’s Jay Street-MetroTech station and rides an elevator to the 19th floor of a commanding building perched high above his native city. Then he gets to work.

Koonin is the director of New York University’s Center for Urban Science and Progress (CUSP), which is to say, he is the big data guru of New York City. He’s been given a lot of cash, millions of data points and a broad mandate by the city of New York: make it better. No big data project of this scale has been attempted before, and that’s because the tools never existed, until now. “There’s an enormous amount of data out there,” Koonin says with the vestiges of a Brooklyn accent. “If we can use the data to understand what’s going on in cities, we can improve them in a rational way.”

CUSP is both a research laboratory and a school. This year, it will have more than 60 students and 8 full-time faculty members. The students collaborate with the faculty and the city on big projects while they work toward either a Master of Science degree or an educational certificate. About a quarter of this year’s students have social science degrees, another quarter are engineers, another quarter are scientists by training, and the rest hail from fields as varied as film and fashion design. Their collective challenge is to turn numbers, spreadsheets, graphs and charts into a model that makes New York City run faster, cleaner and more efficiently.

The program is already starting to make policy recommendations to the city, and as the institute attracts more talent, it will begin to play an important role in everything from easing Manhattan’s nasty rush-hour traffic congestion to advising on prekindergarten school placement, cutting back on city pollution and helping businesses decide where best to open a franchise. “CUSP is able to work on those projects and take it to a deeper level of making more vetted recommendations,” says Nicholas O’Brien, the chief of staff in the Mayor’s Office of Data Analytics. “They bridge the gap between city data and creating actionable policy for city agencies.”

Koonin grew up in Bensonhurst, Brooklyn, and in the late 1960s attended the prestigious Stuyvesant High School, where he and his friends once used an old IBM computer (“it clunked along and had less power than your phone,” he says) to try to figure out the shortest time a subway rider could visit every single city stop on one fare. Koonin would go to the MTA headquarters to copy down timetables and input them into the computer.

Forty years later, Koonin has more data than he knows how to use. There are figures for household water consumption, purchases of goods, noise levels, taxi ridership, nutrition, traffic levels, restaurant inspections, parking violations and public park use; subway ridership, bus deployment, boiler lifespans, recycling rates, reservoir levels, street pedestrian counts; granular demographic breakdowns, household income, building permits, epidemic monitoring, toxin emissions, and on, and on and on. The challenge is making sense out of it, and that’s where CUSP comes in.

“The city has very little time to stand back and ask itself, ‘what are the patterns here?’” Koonin says. “That’s because they’re up to their asses in alligators, as you almost always are in government.”

Koonin would know. After receiving a Ph.D. from MIT, he taught as a theoretical physics professor at Caltech before eventually working for BP and then the Obama administration. As Under Secretary of Energy for Science, he was frustrated by the glacial progress on energy policy. To get things done, Koonin concluded, he needed a novel approach. “I came up with this notion of, ‘I’m going to go instrument a city as a scientist would,’” he says. In April 2012, he was named director of the newly created CUSP program to make New York a living laboratory for urban improvement. Since then, Koonin has overseen a rapidly growing operation as it dances between 13 city agencies, the Metropolitan Transit Authority, the mayor’s office, and NYU, taking chunks of data and imagining actionable city policy.

CUSP’s temporary location (before it moves into the retrofitted Metropolitan Transit Authority headquarters) is an eclectic mix of high-tech and deep retro. The foyer, with firm orange chairs and dull wood paneling, looks like an Ikea designer recreated a 1970s-era therapist’s office, but inside, two robots patrol the halls wielding touchscreens. A glass-enclosed conference room has 60 high-resolution monitors that on one Wednesday displayed the city’s taxi pick-up and drop-off data from the evening of May 1, with hundreds of teal and black taxi icons scattered around a detailed digital map of Manhattan. In Koonin’s impressive corner office with magisterial vistas of downtown Brooklyn, he keeps a classic slate blackboard next to a keyboard. He can fluidly play “You Go To My Head,” the J. Fred Coots jazz standard, and “The Way You Look Tonight.”

“My dream is to be a lounge pianist,” Koonin the data-meister says drolly.

Like a doctor holding a prodigious stethoscope to New York City’s skyscrapers, Koonin needs to give the city a thorough physical before he can write a prescription. “The city has a pulse, it has a rhythm. It happens every day. There’s a characteristic pattern in the rise of economic activity, energy use, water use, taxi rides, et cetera,” Koonin says. “Can we measure the physiology of the city in its various dimensions? And define what normal is? What’s normal for a weekday, what’s normal for a weekend?”

“Then you can start to look for abnormalities,” he continues. “If subway ridership was low, was that correlated with the weather? When subway ridership is low, is taxi ridership high? You get a sense of what’s connected to what in the city. Can we look for anomalies, precursors of things? Epidemics, economic slowdown. So measuring the pulse of the city is one of the big things we’re after.”

CUSP is creating a system to measure microbiological samples from the city’s sewage system, using genomic technology to learn more about people’s nutrition and disease based on their waste. Do certain neighborhoods need better nutritional or hygienic practices? Another project involves a camera fixed to the roof of CUSP headquarters that captures anonymized data on when people’s lights turn on and off, allowing researchers to monitor energy usage. When do people go to sleep? How regular are people’s sleeping hours? The institute is also working out a way to help the city’s Parks Department measure how many people use city parks, and what they do in them. (Hint: it could involve lots of infrared video.) The city could then much more intelligently design its public spaces.

“This is opening the door to the possibility that we would very accurately and very comprehensively understand how people would use our public spaces,” says Jacqueline Lu, director of analytics at the Parks Department.

The city’s 8.3 million-strong crowds, packed together on the subway like brightly colored gumballs or streaming through the streets like grains of sand blown by the wind, will be the ultimate beneficiaries of Koonin’s work. On his morning commute, he notes how the city has changed since he was a kid coming up in the public schools. “Every day it’s really interesting to look at the crowds and see how they interact with one another,” he says. “The city works better. The trains are pretty much on time. So it’s pretty good.”

MONEY privacy

7 Ways to Protect Your Privacy Online

Illustration by Robert A. Di Ieso, Jr.

Companies can buy info on your health, political affiliations, financial stability, and more. Here's how to keep data brokers in the dark.

Data brokers store personal information about almost every single American consumer–and there’s usually very little you can do to see, correct, or delete your file. In fact, the companies that sell your personal data may know more about you than your own family does. That’s Federal Trade Commission chairwoman Edith Ramirez’s striking conclusion about a new government study on the data broker industry.

Brokers collect a wide swath of data about your buying habits, online behavior, home, finances, health, and more, according to the FTC, including this information:

• Your name (and previously used names), age, birthday, and gender
• Your address (and previous addresses), phone numbers, and email addresses
• Your Social Security and driver’s license numbers
• Your children’s ages and birthdays
• Your height and weight
• Your race and ethnicity
• Your religion (based on your last name)
• What languages you speak
• Whether you’re married (and whether you’re a single parent)
• Who lives with you
• Your education level and occupation (or if you’re retired)
• Bankruptcies, convictions for crimes, and tax liens
• Your state licenses–whether you hunt, fish, or have a professional license
• Your voter registration and political party
• The electronics you buy
• Your friends on social media
• How much you use the Internet and various social networks, including Facebook, LinkedIn, and Twitter
• Whether you use long distance calling services or mobile devices
• What kind of home you live in and how long you’ve lived there
• Your home loan amount, interest rate, and lender
• Your home’s listing price and market price
• How many rooms and bathrooms are in your home
• Whether you have a fireplace, garage, or pool
• What kinds of clothes you like
• What kinds of sporting events you attend
• The charities and causes you donate to
• Whether you gamble at casinos or buy lottery tickets
• Whether you’re a newlywed or pregnant
• The magazines and catalogs you subscribe to
• The media channels you use
• Whether you golf, ski, or camp
• Whether you own pets
• The celebrities, movies, music, and books you like
• Whether you have upscale retail cards
• The daytime TV you watch
• What credit cards you carry and your credit worthiness
• Whether you own stocks and bonds
• How many investment properties you own
• Your estimated income and your discretionary income
• Whether you have life insurance
• What car brands you prefer
• The make and model of your cars
• Whether you own a boat
• The most you’ve ever spent on travel
• Whether you’re a frequent flyer and your favorite airline
• Whether you own vacation property
• What kinds of vacations you take (including casino, time share, cruises or RV vacations)
• How you pay for things
• What kinds of food you buy
• How much you buy from “high-scale catalogs”
• What kinds of products you frequently buy
• Whether you buy women’s plus-sized clothing or men’s big & tall clothing
• Whether you search for ailments online
• Whether you or someone in your household smokes
• The drugs you buy over-the-counter
• Whether you wear contacts
• Whether you suffer from allergies
• Whether you have an individual health insurance plan
• Whether you’ve bought supplemental Medicare or Medicaid insurance
• Whether you buy weight loss supplements

How do companies know that? You might be revealing details about your private life without realizing it. Whenever you post information online, register on a website, shop, or submit a public record like a mortgage or voter registration, data brokers can collect information, and then turn around and sell what they have on you to advertisers and other companies (like risk mitigation and people-finder services).

Data brokers also make guesses about you and your interests based on other information they have, then sort you into groups, called “segments.” That way, advertisers can buy lists of consumers who might be interested in particular products.
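A toy sketch of that sorting step might look like the following Python. The segment names, attributes and thresholds are invented for illustration; real brokers infer segments from far richer behavioral models.

```python
# Hypothetical consumer profile -> marketing "segments". All names
# and thresholds here are made up for illustration.
def assign_segments(profile):
    segments = []
    if profile.get("has_children") and profile.get("income", 0) > 75_000:
        segments.append("Affluent Families")
    if profile.get("recent_purchases", set()) & {"golf clubs", "green fees"}:
        segments.append("Golf Enthusiasts")
    if profile.get("age", 0) >= 65:
        segments.append("Seniors")
    return segments or ["General Audience"]

buyer = {
    "age": 42,
    "income": 90_000,
    "has_children": True,
    "recent_purchases": {"golf clubs", "sunscreen"},
}
print(assign_segments(buyer))  # ['Affluent Families', 'Golf Enthusiasts']
```

An advertiser can then buy the “Golf Enthusiasts” list without ever seeing the underlying purchase records.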

Privacy advocates fear that companies might use personal information–and particularly demographic information–to discriminate against certain consumers. For example, the FTC warns that lenders could target vulnerable groups with subprime loans, or insurers could decide that people with adventurous hobbies are high-risk.

The industry line is that those concerns are purely speculative and that some customers appreciate targeted ads. “One interesting thing about this [FTC] report is that after thousands of pages of documentation submitted over the two years of thorough inquiry by the FTC, the report finds no actual harm to consumers, and only suggests potential misuses that do not occur,” Peggy Hudson, senior vice president of government affairs at the Direct Marketing Association, said in a statement.

The FTC is urging Congress to give you access to your data and the ability to opt out of data broker services. In the meantime, here are seven easy things you can do to limit what you share.

1. Delete Cookies

The first step toward protecting your privacy online is to delete “cookies” from your browser, says Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse. Cookies let websites collect information about what else you do online. Most browsers have privacy settings that let you block third-party cookies. But it’s not foolproof. Stephens warns that trackers are now switching from cookies to a new kind of targeting called fingerprinting, which is much harder to avoid.

2. Log Out of Social Media Sites While You Browse the Web

Another simple strategy, says Stephens, is to use different browsers for different online services. That will limit how much information any one site can collect about your web activity. For example, he says, “don’t go to a shopping site while you are logged in to Facebook.”

3. Change Your Smartphone’s Privacy Settings

Advertisers can also track you when you’re browsing the web on your mobile device, warns Gautam Hans, attorney at the Center for Democracy and Technology. You can change the privacy settings on your iPhone or Android device to limit ad tracking.

4. Skip Store Loyalty Cards

Data brokers collect information from the real world too, Hans says. It’s impossible to limit brokers’ access to some kinds of personal information, like public records. But if privacy is really important to you, decline offers for store loyalty cards–a major way retailers gather information about your buying habits. The downside? You may miss out on discounts.

5. Employ Advanced Online Tools

For the especially privacy-conscious, there are a number of online tools that can ratchet up your defenses. Some browser add-ons, like Disconnect.me, help you see and block tracking requests as you spend time online. Instead of Google, you can try the DuckDuckGo search engine, which promises not to collect or share personal information. Or use the browser Tor, which lets you go online anonymously. But these extra measures may not be a good fit for everyone. Some websites don’t load properly when you use anonymous browsing, Hans notes.

6. Opt Out of Data Broker Collection—Whenever Possible

Ultimately, it’s difficult to get data brokers to stop collecting information about you, or even to find out how much information brokers already have. The FTC concluded that to date, “consumer opt-out requests may not be completely effective.” But one major data broker made waves last year when it launched a portal that allows you to access your data and opt out of certain services. Check AboutTheData.com to see what information Acxiom has stored on you.

7. Do a Digital Check-up

Many popular sites like Facebook, Amazon, and Twitter offer privacy controls, so use them. Every once in a while, check your settings and see if you’re happy with how you are limiting the ways your data is used. “What’s important is that people have the opportunity to meaningfully consent,” Hans says.

TIME Culture

Selfie, Steampunk, Catfish: See This Year’s New Dictionary Words

This picture displays "nautical steampunk fashion." Renee Keith / Getty Images / Vetta

Merriam-Webster has revealed 150 new words that will be added to its collegiate dictionary this year, ranging from 'hashtag' and 'catfish' to 'dubstep' and 'crowdfunding,' most of which speak to some intersection of pop culture, technology and the Internet

Today Merriam-Webster, America’s best-known keeper of words, announced new entries for its collegiate dictionary in 2014. Among them are telling specimens like selfie, hashtag and steampunk, reflecting lasting cultural obsessions that have become widespread enough to earn a place in the big red book.

“So many of these new words show the impact of online connectivity to our lives and livelihoods,” says Editor-at-Large Peter Sokolowski, in a press release. And that’s not all.

Many of the 150 new words do indeed speak to some intersection of pop culture and technology, like Auto-Tune and paywall. But others, like freegan and turducken, remind us how many modern Americans are bravely pursuing alternative eating habits, refusing to forgo dumpsters as a regular food source or to consume merely one kind of poultry at a time. And though MW does not say as much, others remind us of what lasting influence Kate Middleton has in our society (See: baby bump, fangirl).

Here is a selection of the new words, with their definitions and the earliest year Merriam-Webster editors could find them being used:

Auto-Tune (v., 2003): to adjust or alter (a recording of a voice) with Auto-Tune software or other audio-editing software esp. to correct sung notes that are out of tune

baby bump (n., 2003): the enlarged abdomen of a pregnant woman

big data (n., 1980): an accumulation of data that is too large and complex for processing by traditional database management tools

brilliant (adj., new sense): British: very good, excellent

cap-and-trade (adj., 1995): relating to or being a system that caps the amount of carbon emissions a given company may produce but allows it to buy rights to produce additional emissions from a company that does not use the equivalent amount of its own allowance

catfish (n., new sense): a person who sets up a false personal profile on a social networking site for fraudulent or deceptive purposes

crowdfunding (n., 2006): the practice of soliciting financial contributions from a large number of people esp. from the online community

digital divide (n., 1996): the economic, educational, and social inequalities between those who have computers and online access and those who do not

dubstep (n., 2002): a type of electronic dance music having prominent bass lines and syncopated drum patterns

e-waste (n., 2004): waste consisting of discarded electronic products (as computers, televisions, and cell phones)

fangirl (n., 1934): a girl or woman who is an extremely or overly enthusiastic fan of someone or something

fracking (n., 1953): the injection of fluid into shale beds at high pressure in order to free up petroleum resources (such as oil or natural gas)

freegan (n., 2006): an activist who scavenges for free food (as in waste receptacles at stores and restaurants) as a means of reducing consumption of resources

gamification (n., 2010): the process of adding game or gamelike elements to something (as a task) so as to encourage participation

hashtag (n., 2008): a word or phrase preceded by the symbol # that clarifies or categorizes the accompanying text (such as a tweet)

hot spot (n., new sense): a place where a wireless Internet connection is available

insource (v., 1983): to procure (as some goods or services needed by a business or organization) under contract with a domestic or in-house supplier

motion capture (n., 1992): a technology for digitally recording specific movements of a person (as an actor) and translating them into computer-animated images

paywall (n., 2004): a system that prevents Internet users from accessing certain Web content without a paid subscription

pepita (n., 1942): the edible seed of a pumpkin or squash often dried or toasted

pho (n., 1935): a soup made of beef or chicken broth and rice noodles

poutine (n., 1982): chiefly Canada: a dish of French fries covered with brown gravy and cheese curds

selfie (n., 2002): an image of oneself taken by oneself using a digital camera esp. for posting on social networks

social networking (n., 1998): the creation and maintenance of personal and business relationships esp. online

spoiler alert (n., 1994): a reviewer’s warning that a plot spoiler is about to be revealed

steampunk (n., 1987): science fiction dealing with 19th-century societies dominated by historical or imagined steam-powered technology

turducken (n., 1982): a boneless chicken stuffed into a boneless duck stuffed into a boneless turkey

tweep (n., 2008): a person who uses the Twitter online message service to send and receive tweets

unfriend (v., 2003): to remove (someone) from a list of designated friends on a person’s social networking Web site

Yooper (n., 1977): a native or resident of the Upper Peninsula of Michigan — used as a nickname

TIME technology

My Experiment Opting Out of Big Data Made Me Look Like a Criminal

The Facebook Inc. and Twitter Inc. company logos are seen on an advertising sign during the Apps World Multi-Platform Developer Show in London, U.K., on Wednesday, Oct. 23, 2013. Bloomberg/Getty Images

Here's what happened when I tried to hide my pregnancy from the Internet and marketing companies

This week, the President is expected to release a report on big data, the result of a 90-day study that brought together experts and the public to weigh in on the opportunities and pitfalls of the collection and use of personal information in government, academia and industry. Many people say that the solution to this discomfiting level of personal-data collection is simple: if you don’t like it, just opt out. But as my experience shows, it’s not as simple as that. And it may leave you feeling like a criminal.

It all started with a personal experiment to see if I could keep a secret from the bots, trackers, cookies and other data sniffers online that feed the databases that companies use for targeted advertising. As a sociologist of technology, I was launching a study of how people keep their personal information on the Internet, which led me to wonder: Could I go the entire nine months of my pregnancy without letting these companies know that I was expecting?

This is a difficult thing to do, given how hungry marketing companies are to identify pregnant women. Prospective mothers are busy making big purchases and new choices (which diapers? Which bottles?) that will become their patterns for the next several years. In the big-data era of targeted advertising, detection algorithms sniff out potentially pregnant clients based on their shopping and browsing patterns. It’s a lucrative business; according to a report in the Financial Times, identifying a single pregnant woman is worth as much as knowing the age, sex and location of up to 200 people. Some of these systems can even guess which trimester you’re in.
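In spirit, such detection algorithms resemble a weighted scoring model. The Python sketch below is illustrative only: the products and weights are invented, and real retail models are far more sophisticated (and proprietary).

```python
# Invented purchase weights -- NOT any retailer's actual model.
PREGNANCY_WEIGHTS = {
    "prenatal vitamins": 0.9,
    "maternity wear": 0.8,
    "unscented lotion": 0.3,
    "cotton balls": 0.2,
    "potato chips": 0.0,
}

def pregnancy_score(basket):
    """Crude likelihood score in [0, 1] from a list of purchases."""
    return min(1.0, sum(PREGNANCY_WEIGHTS.get(item, 0.0) for item in basket))

flagged = pregnancy_score(["prenatal vitamins", "unscented lotion"])
ignored = pregnancy_score(["potato chips"])
print(flagged, ignored)  # 1.0 0.0
```

Once a shopper’s score crosses some threshold, the targeted-ad pipeline switches on, which is exactly the inference this experiment set out to starve of data.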

Avoiding this layer of data detectors isn’t a question of checking a box. Last year, many people were shocked by the story of the teenager in Minnesota whose local Target store knew she was expecting before her father did. Based on her in-store purchasing patterns tracked with credit cards and loyalty programs, Target started sending her ads for diapers and baby supplies, effectively outing her to her family. Like the girl in the Target store, I knew that similar systems would infer my status based on my actions. So keeping my secret required new habits, both online and off.

Social media is one of the most pervasive data-collection platforms, so it was obvious that I couldn’t say anything on Facebook or Twitter, or click on baby-related link bait. But social interactions online are not just about what you say but also what others say about you. One tagged photo with a visible bump and the cascade of “Congratulations!” would let the cat out of the bag. So when we phoned our friends and families to tell them the good news, we told them about our experiment, requesting that they not put anything about the pregnancy online.

Social media isn’t the only offender. Many websites and companies, especially baby-related ones, follow you around the Internet. So I downloaded Tor, a private browser that routes your traffic through foreign servers. While it has a reputation for facilitating illicit activities, I used it to visit BabyCenter.com and to look up possible names. And when it came to shopping, I did all my purchasing—from prenatal vitamins to baby gear and maternity wear—in cash. No matter how good the deal, I turned down loyalty-card swipes. I even set up an Amazon.com account tied to an email address hosted on a personal server, delivering to a locker, and paid with gift cards purchased with cash.

It’s been an inconvenient nine months, but the experiment has exposed harsh realities behind the opt-out myth. For example, seven months in, my uncle sent me a Facebook message congratulating me on my pregnancy. My response was downright rude: I deleted the thread and unfriended him immediately. When I emailed to ask why he did it, he explained, “I didn’t put it on your wall.” Another family member who reached out on Facebook chat a few weeks later exclaimed, “I didn’t know that a private message wasn’t private!”

This sleight of hand is intentional. Internet companies hope that users will not only accept the trade-off between “free” services and private information but will also forget that there is a trade-off in the first place. Once those companies have that personal data, users don’t have any control over where it goes or who might have access to it in the future. And unlike the early days of the Internet, in which digital interactions were ephemeral, today’s Internet services have considerable economic incentives to track and remember—indefinitely.

Attempting to opt out forced me into increasingly awkward interactions with my family and friends. But, as I discovered when I tried to buy a stroller, opting out is not only antisocial, but it can appear criminal.

For months I had joked to my family that I was probably on a watch list for my excessive use of Tor and cash withdrawals. But then my husband headed to our local corner store to buy enough gift cards to afford a stroller listed on Amazon. There, a warning sign behind the cashier informed him that the store “reserves the right to limit the daily amount of prepaid card purchases and has an obligation to report excessive transactions to the authorities.”

It was no joke that taken together, the things I had to do to evade marketing detection looked suspiciously like illicit activities. All I was trying to do was to fight for the right for a transaction to be just a transaction, not an excuse for a thousand little trackers to follow me around. But avoiding the big-data dragnet meant that I not only looked like a rude family member or an inconsiderate friend, but I also looked like a bad citizen.

The myth that users will “vote with their feet” is simply wrong if opting out comes at such a high price. With social, financial and even potentially legal repercussions involved, the barriers to exit are high. This leaves users and consumers with neither a real choice nor a voice to express their concerns.

No one should have to act like a criminal just to have some privacy from marketers and tech giants. But the data-driven path we are currently on—paved with the heartwarming rhetoric of openness, sharing and connectivity—actually undermines civic values and circumvents checks and balances. The President’s report can’t come soon enough. When it comes to our personal data, we need better choices than either “leave if you don’t like it” or no choice at all. It’s time for a frank public discussion about how to make personal-information privacy not just a series of check boxes but a basic human right, both online and off.

TIME Security

9 Terrifying Digital Threats Lurking in the Shadows

Getty

This post is in partnership with Fortune, which offers the latest business and finance news. Read the article below originally published at Fortune.com.

It’s that time of year again: Spring is in the air, Monarch butterflies are traveling north, and Verizon’s data breach report is making the rounds, freaking out already freaked-out chief information security officers around the globe.

The annual report compiles and analyzes more than 63,000 security incidents (as well as 1,300 confirmed data breaches) from about 50 companies worldwide. This year’s 60-page document identified nine main patterns of attack, including point-of-sale intrusions, denial-of-service attacks and acts of cyberespionage. According to Verizon, 94% of all security incidents in 2013 can be traced to these nine basic categories.

(As for the other 6% of threats facing corporate America, well, ignorance is bliss, right?)

Here, our summary of the most pressing security threats for major companies:

1. Web app attacks

Hands down, this is the most common type of data breach. According to Verizon’s report, web applications remain the “proverbial punching bag of the Internet.” How do the bad guys do it? Phishing techniques, installing malware, and, yes, correctly guessing the name of your first stuffed animal, your oldest cousin’s eye color and your nickname in sixth grade. There are ways to better protect Internet-facing applications, Verizon insists, and it starts with two-factor authentication.
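Two-factor authentication pairs a password with a short-lived code, typically from a phone app. Most such apps implement the time-based one-time password (TOTP) scheme of RFC 6238, which the minimal Python sketch below reproduces using only the standard library. The secret shown is a placeholder; real secrets are randomly generated and shared once, usually via QR code.

```python
import hashlib
import hmac
import struct
import time

def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", for_time // step)      # 30-second window
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                         # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Server and phone share the secret, so both derive the same code;
# an attacker who has only the stolen password is still locked out.
print(totp(b"placeholder-secret", int(time.time())))
```

Because each code expires within seconds, a phished password alone is no longer enough to break into a web application.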

2. Cyberespionage

Incidents of unauthorized network or system access linked to state-affiliated actors have tripled — that’s right, tripled — over the last year. Espionage exhibits a wider variety of “threat actions” than any other attack pattern, Verizon says, which means that once intruders gain access, they’re making themselves comfortable and partaking in all sorts of activities, from scanning networks to exporting data. Verizon warns that we can’t keep blaming China, though — at least not just China. About 21% of reported incidents are now being instigated from Eastern Europe.

3. Point-of-sale intrusions

Given the recent high-profile Target breach, in which hackers gained access to the credit card numbers of some 40 million customers, this may seem like the attack pattern du jour. But Verizon claims point-of-sale intrusions have actually been trending down over the last several years. “Recent highly publicized breaches of several large retailers have brought POS compromises to the forefront,” the report’s authors write. “But at the risk of getting all security-hipster on you — we’ve been talking about this for years.” Still, retailers and hotel companies in particular need to be concerned about this kind of attack. It only takes one massive point-of-sale intrusion to scare away customers and investors — just ask Target.

4. Payment card skimmers

Skimming mainly affects ATMs and gas pumps, and is a relatively crude form of attack that requires a skimming device to be physically added to a machine. It’s hardly a new tactic, but what’s different today is the way that the data from “skimmed” payment cards is collected. Before, a criminal had to retrieve the skimming device; now, a thief can remotely collect the data using Bluetooth or other wireless technologies. More modern ATMs are designed to be relatively tamper-free, but this is still a big problem in some parts of the world, such as Bulgaria and Armenia.

5. Insider misuse

Not sure what falls under this category? It covers pretty much any unapproved or malicious use of organizational resources; think of someone like rogue NSA contractor Edward Snowden. The most common examples are employees using forbidden devices (e.g. USB drives) or services to send intellectual property to their personal accounts — or, more deliberately, posing as another user and sending messages aimed at getting a colleague fired. According to Verizon, many of the people committing these crimes are payment chain personnel and end users, but C-suite managers were more to blame in prior years. Bottom line: Trust no one.

6. Crimeware

This category includes any malware incident that doesn’t fit into the espionage or point-of-sale buckets. The goal is always some kind of illicit activity, such as stealing users’ online banking credentials. Most forms of crimeware start with web activity such as downloads or so-called drive-by infections, where a virus can be downloaded when a user unknowingly clicks on a deceptive pop-up window. What can corporations do to combat these types of attacks? Keep software such as browsers up to date.

7. Miscellaneous errors

Oops, I did it again — as in, I sent an email containing sensitive information to the wrong recipient. That’s the most common example of this kind of unintentional data disclosure. Others include accidentally posting non-public information to a company’s web server or even snail-mailing documents to the wrong physical address. There’s no cure for human error (other than replacing humans with computers, of course), but Verizon says corporations can implement data loss prevention software to reduce instances of sensitive files sent by email and tighten processes around posting documents to internal and external websites.
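Data loss prevention tools work roughly this way: scan outbound content for patterns that look like sensitive data before it leaves the network. As a toy sketch (real DLP products are far more sophisticated), here is a hypothetical scanner that flags credit-card-like numbers and validates them with the Luhn checksum; the function names and message body are invented for illustration:

```python
import re

def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# 13- to 16-digit runs, optionally separated by spaces or hyphens.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){13,16}\b")

def flag_sensitive(text):
    """Return candidate card numbers found in an outbound message body."""
    hits = []
    for match in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            hits.append(digits)
    return hits

body = "Invoice attached. Card on file: 4111 1111 1111 1111, exp 09/26."
print(flag_sensitive(body))  # a real DLP system would block or quarantine the message
```

The Luhn check keeps the scanner from flagging every long number (order IDs, tracking numbers) while catching the strings most likely to be real card numbers.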

8. Physical theft/loss

Here’s a fun fact: It turns out that corporate assets like phones and laptops are stolen from corporate offices more often than from homes or vehicles. The primary cause of this type of incident? Carelessness. According to the Verizon report: “Accidents happen. People lose stuff. People steal stuff. And that’s never going to change.” The only thing you can change, advises the company, is to encrypt devices, back up data, and encourage employees to keep their gadgets close.

9. Distributed denial-of-service attacks

Last but not least, so-called DDoS threats include any attack aimed at compromising the availability of networks and systems. These are primarily directed at the financial, retail and public sectors. And while the motives behind shutting down corporate, consumer-facing websites remain the same — extortion, protest, or perverse fun — the tools at attackers’ disposal have become more sophisticated and more thoughtfully named, such as “Brobot” and “itsoknoproblembro.”


TIME Surveillance

The New Cop on the Beat May Be a Bot

Knightscope K5 promises enhanced policing capabilities, courts controversy


Have we as a species learned nothing from RoboCop?

A Silicon Valley company called Knightscope is currently testing a prototype robot designed to detect and monitor criminal activity, much the way a police officer or a security guard would.

The Knightscope K5 is a five-foot-tall autonomous robot (one presumes that its resemblance to a Dalek is merely coincidental) that roams around your neighborhood, observing and gathering data and trying to predict where and when criminal activity will occur.

It carries no weaponry, but it has a pretty complete sensor package that includes thermal imaging, license plate reading and facial recognition.

This takes public surveillance a step beyond stationary cameras, and the challenges to personal privacy are clear. The K5 could do a whole lot of good by deterring crime, especially in neighborhoods that lack the resources to field an adequate police presence.

But where do you draw the line?

TIME Innovation

Raph Koster on Facebook-Oculus: You’re Just Another Avatar in Someone Else’s MMO

A gamer uses an Oculus virtual reality headset at the Eurogamer Expo 2013 in London, September 26, 2013. Leon Neal—AFP/Getty Images

The Facebook-Oculus deal, for all the good it might do, requires that we all start paying much closer attention to ownership and control of virtual spaces.

Former Ultima Online and Star Wars Galaxies lead designer Raph Koster has the most insightful and incisive piece I’ve yet seen on the Facebook/Oculus VR deal. Instead of worrying about Mark Zuckerberg’s gaming cred or the integrity of Oculus’ Kickstarter or whether Google should have swooped in first or what $2 billion means relative to anyone else’s VR war chest, Koster zooms out to offer a perceptive overview of the underlying currents defining near and future computing trends, and the problematic artifacts that accompany those trends.

In Koster’s view, computing’s near-future is essentially “wearable” versus “annotated.” You’re either plugging stuff into your person to augment (or simulate) your reality, or carrying stuff around that places interpretive brackets around it. The difference between the two notions is academic, of course, and Koster says both camps — currently shaped by competing commercial visions that have as much to do with molding consumer interest as tapping it — can’t escape the black hole tug that’ll eventually draw them together.

About this, Koster says:

One is the mouth, the other the ears. One is the poke, the other the skin. And then we’re in a cyberpunk dream of ads that float next to us as we walk, getting between us and the other people, our every movement mined for Big Data.

What does it mean when companies as vast as Facebook or Google or Apple have this level of access to and control over the way we interface with anything, conventional notions of reality or otherwise? It means…well, trouble, because it’s already causing trouble via the pre-VR, pre-“presence” social network-driven personal desire assimilation engines that live in our cars, houses, workspaces and pockets.

I’m not a libertarian privacy-at-all-costs wingnut committed to a wildly idealistic impossibility. I see the philosophical cracks in some of these very old, culturally bound presumptions about what privacy ought to be, as if humans were self-sustaining islands in some mythic state of equilibrium capable of inhabiting this planet without imposition of any sort on another (ultimate privacy is, in fact, another way of describing a form of sociopathy). Mark Zuckerberg isn’t wrong when he’s said that privacy as we know it (or ideally expect it) has to change, and that that’s symptomatic of a technology-fueled (which is to say fundamentally us-driven) paradigm shift.

But the most important question in this barrier-cracking worldview, where we inject all that we are into someone’s calculating server farm, is this: Who has ultimate ownership of that technology?

In an ideal world, virtual reality would probably be open source, broadly distributed, and all this looming virtual turf would be owned (or data-mined, or suffused with overt or subliminal ads) by no one. But suggest as much and you’re basically ringing a bell for arguments about the so-called risk-takers and venture capitalists and entrepreneurial geniuses necessary to make all that looming virtu-topia possible, because true or no, that narrative’s drawn from as old and deeply embedded a cultural playbook as exists.

That question’s at the crux of the issue Koster’s getting at when he says the Facebook/Oculus deal isn’t about rendering (that is, geeky cool visual stuff) so much as it is about “placeness.” It’s about ownership, specifically ownership of cloud-space.

Virtual reality in that sense is going to be as boundless as a processor farm’s prowess and a design team’s imagination. It’s perhaps most poignantly the vision Tad Williams shares in his Otherland series, but it’s also there in Neal Stephenson and William Gibson and Bruce Sterling and all the countless others, in particular post-1980s-VR artists and thinkers, who’ve grappled with the question in one form or another. It’s a vision of the future in which extremely powerful, functionally opaque institutions compete for our attention in unfathomably vast virtual emporiums that, yes, may well start with something as innocuous-sounding as mountain climbing and concert-going (say in Facebook’s case). But how quickly does that move on to wish fulfillment (which is where it risks becoming narcotic), where it’s simultaneously mining our hopes, dreams, desires and eventually every measurable detail of our lives?

“It’s about who owns the servers,” says Koster. “The servers that store your metrics. The servers that shout the ads. The servers that transmit your chat. The servers that geofence your every movement.”

And then:

It’s time to wake up to the fact that you’re just another avatar in someone else’s MMO. Worse. From where they stand, all-powerful Big Data analysts that they are, you look an awful lot like a bot.

Paranoia about what companies are doing with your data today may be overstated, in that I’m pretty sure no one cares what I say on the phone or send through email in the here-and-now. But healthy paranoia, if such a thing exists, involves educated hypothesizing (that is, extrapolating based on historical precedent). And there’s certainly precedent to extrapolate from for virtual reality, since virtual reality is still going to be constrained by our imaginations. In this 21st-century pre-singularity moment, we’re still as human as we’ve ever been. The problems we’ll have to deal with when we strap things on our faces and start to reify what we’re already capable of doing when we close our eyes and dream are going to be the same problems we’ve been dealing with for millennia, however amplified or fetishized or distorted.

Grappling with something as far flung (and yet simultaneously present) as global warming isn’t about solving those problems today, it’s about considering a tomorrow many of us won’t see. It’s about understanding the scale involved with addressing those problems, about thinking longterm instead of excusing inaction based on human ephemeralness. The kinds of things Koster worries about won’t happen overnight, but gradually — so gradually that the shifts can be imperceptible. The dystopian futures that seem so reprehensible in the best speculative fiction don’t arrive like fleets of hostile aliens, galvanizing us to action, and Koster’s future in which we’re an avatar in someone else’s MMO is already partly here. In a 2007 interview about his book Spook Country, William Gibson said “it’s hard to write science fiction anymore when reality is so unbelievable.”

I’m excited about Oculus VR’s tech. I can’t wait for my devkit to arrive this summer. But as Koster puts it, “I’m a lot more worried about whose EULA is going to govern my life.”

Me too.

TIME privacy

IBM: We Haven’t Given the NSA Any Client Data

Participants visit the IBM stand at the Mobile World Congress in Barcelona, February 26, 2014. Albert Gea / REUTERS

Big Blue calls for a "robust debate on surveillance reforms" and says "governments must act to restore trust." It's the latest tech company to try to distance itself from the controversial spying program

Technology giant IBM hasn’t given the U.S. National Security Agency access to any client data and would challenge any surveillance-related gag orders imposed by the government, a top company executive wrote in an open letter to clients Friday. The world’s largest technology services company also says it hasn’t put “backdoors” in any of its products or provided the NSA with encryption keys that would allow the agency to access client data, according to Robert C. Weber, IBM General Counsel and Senior Vice President for legal and regulatory affairs.

IBM’s letter, which is clearly designed to reassure clients who have been spooked by recent revelations about the role of major technology companies in U.S. surveillance programs, is Big Blue’s most detailed public statement following disclosures supplied by former NSA contractor Edward Snowden. Industry experts estimate that the NSA revelations could cost top U.S. tech companies billions of dollars over the next several years if international clients take their business elsewhere. Over half of IBM’s revenue comes from clients outside the U.S.

“The U.S. government should have a robust debate on surveillance reforms, including new transparency provisions that would allow the public to better understand the scope of intelligence programs and the data collected,” Weber wrote, adding that governments “should not subvert commercial technologies, such as encryption, that are intended to protect business data.”

(MORE: NSA Spying Scandal Could Cost U.S. Tech Giants Billions)

In the letter, Weber wrote that IBM has not provided client data to the NSA or any other government agency under the program known as PRISM, nor has the company provided such data under any surveillance program involving the bulk collection of content or metadata. The NSA has used the PRISM program to examine data — including e-mails, videos and online chats — via requests made under the Foreign Intelligence Surveillance Act (FISA), according to documents leaked by Snowden.

Weber goes on to write that IBM has not provided the U.S. government with client data stored outside the United States under a national security order, such as a FISA order or a National Security Letter, nor has the company put “backdoors” in its products or provided software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.

In the letter, IBM sought to distance itself from other major tech and telecom companies that were named in the Snowden documents, and said that its expectation is that if a government did have an interest in its clients’ data, the government would approach that client, not IBM.

“Our business model sets us apart from many of the companies that have been associated with the surveillance programs that have been disclosed,” Weber wrote. “Unlike those companies, IBM’s primary business does not involve providing telephone or Internet-based communication services to the general public. Rather, because the vast majority of our customers are other companies and organizations, we deal mainly with business data.”

Weber wrote that if the U.S. government were to serve a national security order on IBM to obtain data from a client and impose a gag order that prohibits IBM from notifying that client — as the government has done with respect to user data received from big Internet companies like Google, Yahoo and Facebook — IBM would take “appropriate steps to challenge the gag order through judicial action or other means.” The same goes for any national security order seeking to obtain client data stored outside the U.S., Weber wrote.

“Governments must act to restore trust,” Weber wrote. “Technology often challenges us as a society. This is one instance in which both business and government must respond. Data is the next great natural resource, with the potential to improve lives and transform institutions for the better. However, establishing and maintaining the public’s trust in new technologies is essential.”

TIME big data

Google’s Flu Project Shows the Failings of Big Data

Google Flu Trends GEORGES GOBET—AFP/Getty Images

A new study shows that using big data to predict the future isn't as easy as it looks—and that raises questions about how Internet companies gather and use information

Big data: as buzzwords go, it’s inescapable. Gigantic corporations like SAS and IBM tout their big data analytics, while experts promise that big data—our exponentially growing ability to collect and analyze information about anything at all—will transform everything from business to sports to cooking. Big data was—no surprise—one of the major themes coming out of this month’s SXSW Interactive conference.

One of the most conspicuous examples of big data in action is Google’s data-aggregating tool Google Flu Trends (GFT). The program is designed to provide real-time monitoring of flu cases around the world based on Google searches that match terms for flu-related activity. Here’s how Google explains it:

We have found a close relationship between how many people search for flu-related topics and how many people actually have flu symptoms. Of course, not every person who searches for “flu” is actually sick, but a pattern emerges when all the flu-related search queries are added together. We compared our query counts with traditional flu surveillance systems and found that many search queries tend to be popular exactly when flu season is happening. By counting how often we see these search queries, we can estimate how much flu is circulating in different countries and regions around the world.
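Google has never published GFT's actual model, but the basic idea — fit observed flu rates to aggregated query counts, then estimate the current rate from search volume alone — can be sketched with ordinary least squares. Every number below is invented for illustration:

```python
# Weekly totals of flu-related search queries (per 100k searches) and the
# flu rate reported by a traditional surveillance system for the same weeks.
searches = [120, 95, 180, 260, 310, 240]   # hypothetical query counts
flu_rate = [1.1, 0.9, 1.6, 2.4, 2.9, 2.2]  # hypothetical % of doctor visits

n = len(searches)
mean_x = sum(searches) / n
mean_y = sum(flu_rate) / n

# Ordinary least squares: fit flu_rate ~ slope * searches + intercept.
slope = (sum((x - mean_x) * (y - mean_y) for x, y in zip(searches, flu_rate))
         / sum((x - mean_x) ** 2 for x in searches))
intercept = mean_y - slope * mean_x

# "Nowcast" this week's flu rate from this week's search volume alone.
this_week_searches = 290
estimate = slope * this_week_searches + intercept
print(round(estimate, 2))
```

The fragility the Science article documents lives in exactly this step: the fit only holds as long as the relationship between searching and actually being sick stays stable, and Google's own algorithm changes kept shifting it.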

Seems like a perfect use of the 500 million plus Google searches made each day. There’s a reason GFT became the symbol of big data in action, in books like Kenneth Cukier and Viktor Mayer-Schonberger’s Big Data: A Revolution That Will Transform How We Live, Work and Think. But there’s just one problem: as a new article in Science shows, when you compare its results to the real world, GFT doesn’t really work.

GFT overestimated the prevalence of flu in the 2012-2013 and 2011-2012 seasons by more than 50%. From August 2011 to September 2013, GFT over-predicted the prevalence of the flu in 100 out of 108 weeks. During the peak flu season last winter, GFT would have had us believe that 11% of the U.S. had influenza, nearly double the CDC numbers of 6%. If you wanted to project current flu prevalence, you would have done much better basing your models off of 3-week-old data on cases from the CDC than you would have using GFT’s sophisticated big data methods. “It’s a Dewey beats Truman moment for big data,” says David Lazer, a professor of computer science and politics at Northeastern University and one of the authors of the Science article.

Just as the editors of the Chicago Tribune believed it could predict the winner of the close 1948 Presidential election—they were wrong—Google believed that its big data methods alone were capable of producing a more accurate picture of real-time flu trends than old methods of prediction from past data. That’s a form of “automated arrogance,” or big data hubris, and it can be seen in a lot of the hype around big data today. Just because companies like Google can amass an astounding amount of information about the world doesn’t mean they’re always capable of processing that information to produce an accurate picture of what’s going on—especially if it turns out they’re gathering the wrong information. Not only did the search terms picked by GFT often not reflect incidences of actual illness—thus repeatedly overestimating just how sick the American public was—it also completely missed unexpected events like the nonseasonal 2009 H1N1-A flu pandemic. “A number of associations in the model were really problematic,” says Lazer. “It was doomed to fail.”

Nor did it help that GFT was dependent on Google’s top-secret and always changing search algorithm. Google modifies its search algorithm to provide more accurate results, but also to increase advertising revenue. Recommended searches, based on what other users have searched, can throw off the results for flu trends. While GFT assumes that the relative search volume for different flu terms is based in reality—the more of us are sick, the more of us will search for info about flu as we sniffle above our keyboards—in fact Google itself alters search behavior through that ever-shifting algorithm. If the data isn’t reflecting the world, how can it predict what will happen?

GFT and other big data methods can be useful, but only if they’re paired with what the Science researchers call “small data”—traditional forms of information collection. Put the two together, and you can get an excellent model of the world as it actually is. Of course, if big data is really just one tool of many, not an all-purpose path to omniscience, that would puncture the hype just a bit. You won’t get a SXSW panel with that kind of modesty.

A bigger concern, though, is that much of the data being gathered in “big data”—and the formulas used to analyze it—is controlled by private companies that can be positively opaque. Google has never made the search terms used in GFT public, and there’s no way for researchers to replicate how GFT works. There’s Google Correlate, which allows anyone to find search patterns that purport to map real-life trends, but as the Science researchers wryly note: “Clicking the link titled ‘match the pattern of actual flu activity (this is how we built Google Flu Trends!)’ will not, ironically, produce a replication of the GFT search terms.” Even in the academic papers on GFT written by Google researchers, there’s no clear contact information, other than a generic Google email address. (Academic papers almost always contain direct contact information for lead authors.)

At its best, science is an open, cooperative and cumulative effort. If companies like Google keep their big data to themselves, they’ll miss out on the chance to improve their models, and make big data worthy of the hype. “To harness the research community, they need to be more transparent,” says Lazer. “The models for collaboration around big data haven’t been built.” It’s scary enough to think that private companies are gathering endless amounts of data on us. It’d be even worse if the conclusions they reach from that data aren’t even right.
