TIME technology

Hackers Unveil Their Plan to Change Email Forever

"They’re going to keep coming after us,” Ladar Levison, creator of an encrypted email service used by Edward Snowden, said at Defcon on Friday

The creator of an ultra-secure email service once said to be used by Edward Snowden unveiled his next project at a major hacker conference Friday: he and others like him want to change the very nature of email forever.

Ladar Levison, creator of the Lavabit encrypted email provider, was forced in August of last year to give investigators access to an account reportedly used by Snowden, the National Security Agency leaker, after a tug-of-war with federal authorities. But rather than compromise the privacy of his other 400,000-plus email users, Levison says, he shut the entire project down. A similar encrypted email provider, Silent Circle, took heed and shuttered its own service to pre-empt any federal authorities that might come demanding information from it as well.

Out of those ashes, Levison and others launched the Dark Mail project, which is developing Dime, a set of new email protocols its creators hope will revolutionize the way the world communicates online.

“If I sound a little bit upset, it’s because I am,” Levison told a packed ballroom Friday at Defcon, a top hacker conference held annually in Las Vegas.

“I’m not upset that I got railroaded and I had to shut down my business,” said Levison. “I’m upset because we need a Mil-Spec [military grade] cryptographic mail system for the entire planet just to be able to talk to our friends and family without any kind of fear of government surveillance.”

Levison devoted much of his talk to arguing there’s a need for a secure emailing system in a world where government entities like the NSA have broad legal authority — and even broader technical capabilities — to conduct surveillance en masse, both in the U.S. and abroad. “With the type of metadata collection that’s going on today, we have guilt by association,” he said. “Imagine being put on a no-fly list because you happen to sit next to a criminal at a convention like this.”

Jon Callas, chief technology officer of Silent Circle and a co-founder of the Dark Mail project, told TIME that “the biggest problem we have today with email is that it was designed in the early 1970s and it was not designed for the problems we have today. Even the standard email encryption that we have today protects the content but not the metadata.”

Metadata — information like the identity of the sender or the time and date a message was sent — has been a key target of NSA surveillance. “Ironically, we have been protecting the stuff that they’re not collecting,” Callas said.

Dime uses multiple layers of cryptography — think Russian nesting dolls — to protect an email’s content and metadata from beginning to end as an email is passed through the Internet from a sender to a recipient, or recipients. The idea is to create an email system in which no service provider has all the information about a message, so there is no entity (like Lavabit, for example) for federal authorities to come down on.

“Each doll is labeled only with the stuff that is needed,” Callas told TIME. “So if you’re on Google, you get a doll that says ‘This doll came from Yahoo.’ Then you hand it to the next layer and they open it up and say, ‘This is for Alice.’ Then when Alice opens it up, Alice gets the whole message. But all along the way, my system only knows that it’s supposed to go to Google, not that it’s for Alice … It separates stuff up so that you don’t end up in a situation where anybody along the path knows everything,” Callas said.

Dime’s creators hope that enough people will begin using the service on their own that a major email service provider, like Google, Yahoo or Microsoft — all of whom are already exploring ways to better encrypt users’ messages — adopts it and it snowballs from there. Ultimately, what the Dark Mail project is aiming for is nothing less than a complete transformation of the way email works on planet Earth.

“It all has to be rebuilt,” Callas said.

TIME Retail

Amazon Publishes Hachette CEO’s Email in Latest Salvo Over E-Book Pricing

Amazon Unveils Its First Smartphone
Amazon.com founder and CEO Jeff Bezos. David Ryder—Getty Images

One author called the move 'overtly divisive'

Updated at 2:05 p.m.

In its latest move in an escalating battle over e-book pricing, Amazon attacked book publisher Hachette in a strongly-worded letter Saturday which includes the Hachette CEO’s email address and encourages authors to contact him directly.

Amazon and Hachette have been locked in a duel over the pricing of e-books. Amazon argues their price should be lower, while Hachette’s holding out for higher prices. Hachette’s camp has also accused Amazon of making it more difficult for customers to find and buy books from publishers with which Amazon is negotiating new terms.

In its letter, the Seattle-based online retailer reiterated its case for lower e-book pricing, saying that because of the absence of shipping, handling and printing costs, “e-books can and should be less expensive.” On top of that, Amazon has argued that e-books are just 1% of the revenue of Hachette’s parent company, and that the company could agree to Amazon’s demands with little financial impact.

In its letter, Amazon compared e-books to the advent of paperback books, which it said aroused resistance from authors like George Orwell who ostensibly argued paperback books would ruin the industry. “Fast forward to today, and it’s the e-book’s turn to be opposed by the literary establishment,” Amazon says in its letter.

(In fact, George Orwell was not opposed to paperback books, and Amazon’s letter quotes the 1984 author misleadingly, as the New York Times reports. Orwell also was ambivalent about lowering book prices, calling cheaper books a “disaster” for authors and publishers.)

Amazon’s note also urges authors to email Hatchette CEO Michael Pietsch with specific talking points and publicly disclosed Pietsch’s email address.

“We will never give up our fight for reasonable e-book prices,” reads Amazon’s letter. “We know making books more affordable is good for book culture. We’d like your help. Please email Hachette and copy us.”

One author who received the letter and has published e-books through Amazon spoke out against the company’s tactics.

“It’s overtly divisive, pitting authors against one another,” San Francisco-resident Ron Martinez told the Wall Street Journal of Amazon’s latest salvo. Martinez is the CEO of an e-book discoverability service. “It’s astonishingly poor form to publish an executive’s email.”

Amazon’s letter comes just after over nine hundred authors signed a separate message to Amazon calling on the company to stop blocking the sale of Hachette books. Literary icons Malcolm Gladwell, Stephen King, Douglas Preston, Robert A. Caro, Junot Díaz, Malcolm Gladwell, Lemony Snicket (the pen name of Daniel Handler), Michael Chabon, Michael Lewis, and Jon Krakauer are just a smattering of the names who signed that note, the New York Times reports.

The authors’ letter, which also publicly discloses Jeff Bezos’ email address, is set to run as a full-page ad in the Times this weekend.

TIME Security

Here’s How the Feds Are Teaming Up With Hackers to Save Us All from Robocalls

Hacking Conference
Hackers participating at the 2011 Defcon conference in Las Vegas, Aug. 5, 2011. Isaac Brekken—AP

The FTC wants hackers to build "honeypots" to defeat a robocaller named Rachel

The Federal Trade Commission is at one of the world’s biggest hacker conferences this weekend, where hackers are competing to help save us all from robocalls.

No one has ever seen her, but she may have the most infamous voice in America. “Rachel” is the most prolific robocall bot in the United States, and the FTC has turned to some of the best hackers in the world to try to stop her. At Defcon—one of (if not the) biggest hacker conferences on earth—the agency is hosting a three-phase competition to build a “honeypot” to lure and catch robocallers in the act. The “Zapping Rachel” competition is handing out $17,000 in cash prizes to winners of three competitions: one to build a honeypot, one to attack a honeypot to find its vulnerabilities, and one to analyze data a honeypot collects on robocalls.

A honeypot is essentially an information system that can collect information about robocalls,” said Patti Hsue, a staff attorney representing the FTC at Defcon. “How it’s designed, how it operates is completely up to the designer.”

As with many happenings at a conference of hackers, the technical details can get complex fast. But the basic idea is familiar to any fan of spy fiction—in espionage a honeypot is a trap in which a mark, like a secret agent, is lured into a trap by sexual seduction (think of about half the vixens who show up in James Bond flicks). In this case, hackers are building and testing the honeypot. Rachel and her ilk are the mark.

“It’s ‘Rachel from Cardholder Services.’” Hsue said. “She is one of the most, I think, hated voices in the U.S. We get so many complaints against Rachel and her clones or her minions or whatever you want to call them. There are a lot of companies that try to perpetrate the same scam using the same, you know, pickup line.”

The Robocall problem has become markedly worse in the last decade, as the Internet has matured and become increasingly intertwined with a digitized phone system. Under FTC regulations, all robocalls to cell phones are illegal, as are unsolicited robocalls to any phone number on the federal Do Not Call registry. The FTC does have its own honeypot already, but the agency won’t comment on it beyond the fact of its existence.

Just how many illegal robocalls are made in the U.S. is difficult to pin down. The best data the FTC has on robocalls comes from complaints the agency receives regarding violations of the Do Not Call registry. In 2009, the FTC received 1.8 million complaints for violations of the registry; in 2011, 2.3 million complaints. In 2013, with about 223.4 million phone numbers on the registry, the FTC received 3.75 million complaints. And that only represents people who take the time to file a formal complaint. Many others surely just let out a disgusted huff and hang up the phone.

From among all those millions of illegal robocalls made to Americans, the FTC has brought a little over 100 enforcement actions against violators. It’s not that regulators aren’t trying, but making a robocall these days is extremely easy from a technical perspective, while busting a robocaller—not to mention bringing legal action against one—is quite difficult.

Which is why the FTC has turned to a community of hackers at a conference notorious—somewhat unfairly—for activity that stretches the bounds of legality. The top competitors will be announced Sunday, though final winners won’t be announced until a later date.

E1nstein—a.k.a. Hugo Dominguez, Jr. to people outside of the hacker scene, a naval reservist who works in IT—is competing in phase 2 of the competition, testing a honeypot for flaws by trying to circumvent the technology, place an undetected call to a honeypot, or provide false information about the origin of the call.

“That’s something I’m good at,” he said. “I’m able to find flaws in things whether it’s physical security or technology. Anything.”

TIME Gadgets

Here Come the iPhone 6 Rumors

Here's a look at what you can expect when Apple announces the iPhone 6

Both Bloomberg and the Wall Street Journal report that Apple will unveil its two new iPhones at a Sept. 9 event.

According to reports, the iPhone 6 will come in two sizes, a 4.7″ and a 5.5″ screen size. This will help Apple in its efforts to appeal to a larger market internationally, where the desire for larger screens have hurt its sales in the global market.

Mac Rumors has said the newest iPhone to be debuted from Apple will be thinner and lighter with an updated processor.

TIME Security

Yahoo Is Making It Harder for the NSA to Read Your Emails

Encryption will help your messages stay private

Yahoo announced Thursday it will encrypt its email service by early next year, joining Google and Microsoft in an effort to create an email system that prevents government officials and hackers from reading users’ messages. It’s a major step for Yahoo in the wake of the Edward Snowden leaks, and it reflects the commitment of the major technology companies to securing users’ data.

With Yahoo’s announcement, first reported by the Wall Street Journal, email encryption will protect nearly one billion email users. There are 110 million Yahoo email users and over 425 million unique users of Google’s Gmail service. Microsoft says there are over 400 million active Outlook.com and Hotmail accounts. Widespread email encryption of the kind Yahoo is announcing is a huge blow to government surveillance techniques, like those employed by the National Security Agency.

“For Internet users, this is a huge deal,” said Jeremy Gillula, staff technologist at the Electronic Frontier Foundation. “Before, the NSA was able to easily gather up tons and tons of email.” But, with Yahoo’s planned encryption service, “the NSA can’t read and analyze everyone’s emails without discernment,” Gillula said.

Yahoo will base its encryption on what’s known as PGP (Pretty Good Privacy) encryption, which relies on every user having both a public and private encryption key. The public encryption key, to which any other email user will have access, encrypts plain email text into a complicated code. Then a user’s private code decrypts the code back into plain text when it arrives in their inbox. Each of the keys act almost like x and y variables in an equation: even though you know the public key x, you won’t be able to break the equation, because you still need the private key y. Essentially, the only people who can read your emails become you and the person to whom you’re sending them.

The tech titans’ steps towards encryption means that email users can be confident the only people reading their emails are the intended recipients. But for major tech companies, it also means regaining customers’ trust — particularly abroad, where intense scrutiny over American companies’ vulnerability to National Security Agency snooping could lead firms like Oracle, IBM and Hewlett-Packard to lose billions of dollars in contracts.

There are holes in the big technology companies’ encryption plans, however. Encryption doesn’t protect subject lines, or the data about who sends and receives messages, the Wall Street Journal reports. That leaves your email about as vulnerable as your phone records under the NSA’s mass collection of calling metadata—most of the content of your messages is safe, but who you called is not.

On top of that, the NSA is working on ways to circumvent different kinds of encryption used to protect emails and financial transactions, according to documents that Snowden leaked last year. U.S. and British intelligence agencies have already cracked some of the online encryption methods hundreds of millions of people use to protect their data, the Guardian and others reported last year. And the NSA is quietly working on a super powerful quantum computer intended to break encryption codes.

However, says the Electronic Frontier Foundation’s Gillula, Yahoo is likely to be clever about what kind of encryption it uses, and PGP encryption is still thought to prevent mass sweeps of large volumes of email — even if the NSA can already crack PGP encryption, as some commentators believe, using it will almost certainly slow the agency down, while protecting emails from lesser-equipped would-be snoopers.

“Now the NSA has to think about what they want to collect, as opposed to searching through everyone’s email and doing it in a mass way,” said Gillula.

Yahoo still has to figure out the details of its planned encryption program. Will it store the private keys on its own servers, making them vulnerable to internal theft and sweeping government warrants? Or will it allow each email user to store the private keys locally, adding a level of inconvenience for users? Whatever Yahoo decides to do, its announcement is a major step forward for Internet privacy, and likely unwelcome news for the intelligence community.

TIME China

China Cracks Down on Public Figures’ Online Political Posts

CHINA-IT-TELECOMMUNICATION-TENCENT
This photo illustration taken on March 12, 2014 shows the logo of Chinese instant messaging platform called WeChat on a mobile device which has taken the country by storm in just three years. PETER PARKS—AFP/Getty Images

Only official news organizations can now post political news on WeChat

Chinese actors, pop stars and other popular figures with public accounts on one of the country’s most popular social media platforms will no longer be allowed to post or share political news, according to restrictions issued Thursday by China’s State Council Information Office (SCIO).

Under China’s first rules that target instant messaging services, holders of public WeChat accounts, similar to verified pages on Facebook, must also sign an agreement to abide by “the socialist system” and “national interests,” among other principles paramount to what Beijing officials have called “a clean cyberspace,” according to the state-run Xinhua News Agency. These users will additionally be required to use their real name, confirmed by a background check.

Only approved news organizations and other authorized websites can post or share political news on the social media platform, owned by Tencent Holdings, officials said. Chinese officials added that organizations like People’s Daily, CCTV, Xinhua News—all run by the Chinese government—have been allowed to disseminate news to promote authenticity and accuracy.

Tencent said Thursday that it has deleted about 400 of WeChat’s 5.8 million public accounts and 3,000 articles found to be “spreading rumors,” but it was unclear if the shutdowns were related to the new policies, according to the Wall Street Journal.

The latest effort to limit public discourse and dissent, the WeChat crackdown follows those on Weibo—China’s answer to Twitter—when the Chinese government announced in May it would strip content linked to “infiltration from hostile forces at home and abroad.” Largely meant to discourage political rumors and discussion, the Weibo restrictions pushed millions of users to turn to WeChat, which, at the time, had been known as a freer, safer space for debate.

Some Chinese citizens have praised the efforts for being timely, though their opinions appear to be in the minority, and were promulgated through state-controlled media platforms.

“Users with ulterior motives will be deterred by the laws and regulations,” according to a column that originally appeared in Xinhua. “Good rain knows when it’s spring.”

Still, other Chinese citizens, particularly those with public accounts, took to media outlets not owned by the Chinese government to express concern. Wang Guanxiong, owner of a public WeChat account that posts about current affairs, told the South China Morning Post that “the rules are aimed at supporting government-backed media companies, while discouraging individual publishers, some of whom have gained much social influence.”

China has recently restricted other social media applications like Line and KakaoTalk.

 

 

 

TIME Innovation

IBM’s New Processor Sounds More Brain-Like Than Ever

Imagine assistive glasses for the visually impaired that can help them navigate through complex environments—without the need for a wi-fi connection.
Imagine assistive glasses for the visually impaired that can help them navigate through complex environments—without the need for a wi-fi connection. IBM

IBM unveils a new processor that sips a fraction of the energy today's processors do, but that can deliver radically greater returns on a brain-like synaptic scale.

IBM’s splashy new “brain” chip, TrueNorth, is actually nothing like a real human brain — it’s not going to admire the pointillistic works of Van Gogh, much less fall in love with you before absconding to frolic with a new race of godlike machine beings ala Her — but it is a remarkable-sounding next step in the direction of brain-like computers that mimic the synaptic conversation actual brains have been having for eons.

The chip, designed over the past decade and part of IBM’s TrueNorth computing architecture, is detailed in the August 8 issue of Science, and it’s based on a principle that’s been around for decades known as neuromorphic engineering. That’s a fancy way of describing a system that mimics the biological nervous system, including (though not limited to) biological brains.

TrueNorth is IBM’s stab at a neuromorphic processor, something its authors describe as an “efficient, scalable and flexible non-von Neumann architecture.” John von Neumann came up with the basic architecture for how you’d go about running a digital processor in the 1940s, and it’s that essentially linear notion that forms the basis for the computers we’re still using today.

But linearity has its disadvantages: today’s processors are epically faster than human brains at crunching massively complex mathematical equations, say simulating weather patterns or calculating all the gravitational vectors involved in soft-landing a rover on Mars. But they’re utterly dimwitted at attempting contextual feats we humans perform with ease, say picking a voice out of a crowd or deciding which type of wine goes best with a meal.

That’s where the notion of brain-like parallelism comes in, itself a well-established idea in computing, but TrueNorth is about scaling it to unprecedented levels. The processor simulates a brain with one million neurons and 256 million synapses — about the crunch-power of a honey bee or cockroach — fueled by an on-chip network of 4,096 neurosynaptic cores. That adds up to a 5.4 billion transistor processor — the largest chip IBM’s yet built — but one that sips a mere 70 milliwatts of power during realtime operations, or four orders of magnitude fewer than conventional chips today. Altogether, the chip can perform 46 billion synaptic operations per second, per watt, says IBM.

IBM

Think of it as a little like the old left brain, right brain relationship: language and analytic thinking are left (von Neumann architecture) while sense and pattern recognition are right (neuromorphic processors). And that’s just the start, says IBM, noting that in the years to come, it hopes to bring the two together “to create a holistic computing intelligence.”

While we’re waiting for our holistic machine overlords to take over, what can TrueNorth do after developers have figured out what to design for it? How about improving visual and auditory tasks traditional computers presently stumble over?

As IBM Fellow Dharmendra Modha writes, “The architecture can solve a wide class of problems from vision, audition, and multi-sensory fusion, and has the potential to revolutionize the computer industry by integrating brain-like capability into devices where computation is constrained by power and speed.” Notice the way Modha describes the chips as complementary: the strategy with TrueNorth out of the gate looks to be integrative rather than one of displacing the processors in our smartphones, tablets and laptop computers.

Again, it’s important to bear in mind that TrueNorth isn’t a brain. As Modha himself notes, “we have not built the brain, or any brain. We have built a computer that is inspired by the brain.” But it’s an important step forward: another rung on a ladder that’s as high as our hopes of perhaps someday creating computer-like beings in our own image, or ones better still.

TIME deals

Facebook Buys Tech-Security Startup PrivateCore

The social-media giant plans to bolster its servers’ protection

Facebook has acquired cybersecurity firm PrivateCore in the hope of thwarting off security threats against its servers and users.

“I’ve seen how much people care about the security of data they entrust to services like Facebook,” wrote Joe Sullivan, Facebook’s chief security officer, in a Facebook post on Thursday.

“[PrivateCore’s] vCage technology protects servers from persistent malware, unauthorized physical access, and malicious hardware devices, making it safer to run any application in outsourced, hosted or cloud environments,” he added.

Terms of the deal were not announced, but media reports say Palo Alto, Calif.–based PrivateCore received $2.3 million in investment from TEEC Angel Fund and Foundation Capital.

Oded Horovitz, CEO and founder of PrivateCore, expressed his excitement over the acquisition in a statement. “Working together with Facebook, there is a huge opportunity to pursue our joint vision at scale with incredible impact.”

“Over time, Facebook plans to deploy our technology into the Facebook stack to help protect the people who use Facebook,” he added.

TIME Security

Off the Battlefield, Hackers Are Waging Cyberwar Against Israel and Palestine

Hacktivist attacks against Israel quintupled as violence swept across Gaza, but are the hackers doing any damage?

Fighting in the Gaza Strip hit a lull this week as a 72-hour cease-fire ends its third and final day Thursday — but a digital war has still been raging as hackers pay little mind to the temporary truce. Cyberattacks directed against Israel have increased dramatically since it invaded Gaza in early July, intensifying last month as the violence peaked, according to a report released this week by the security research firm Arbor Networks.

Websites of Israeli civilian governmental agencies, financial services and military agencies—including the legendary intelligence agency Mossad and the Prime Minister’s office—were targeted as part of the sharp uptick in attacks that began in July, when the total number of strikes increased by 500%.

Whether those online attacks had much of an impact, however, is a subject of debate. U.S. House Intelligence Committee Chairman Mike Rogers Mike Rogers (R-Mich.) warned in an interview on CBS News’ Face the Nation late last month that cyberattacks against Israeli websites could present a risk to the country’s security. “So far I think Israel has done a great job of defending from these cyberattacks, but the sheer volume and intensity as it grows could spread from what is a conflict between Israel and Gaza to some cybereffort to try to shut these operations down, and that’s always a concern,” Rogers said.

But some experts said the attacks were doing little substantial harm against the Israeli government. The attacks are primarily targeting external, user-facing websites, perhaps increasing the time it takes to load a webpage or temporarily shutting the page down altogether by jamming up the works with bogus traffic. But the attacks have not yet affected the Israeli agencies’ internal operations, researchers said.

“To be able to do something effective against the [Israeli] government you have to be a very sophisticated hacker,” said Giora Engel, vice president of LightCyber, a security firm that provides security for Israeli government agencies. “A group of activists can’t do any damage.”

Most of the the recent and mostly harmless attacks against prominent Israeli websites are known as Distributed Denial of Service (DDoS) attacks. Carrying out a DDoS involves flooding websites or servers with traffic to deny other, legitimate users access to those websites. Hackers that conduct such attacks usually control a wide array of third-party computers which they instruct to do their bidding; the owners of those machines rarely know their devices are even involved.

The number of denial of service attacks against Israel increased from an average of 30 per day in June, before the violence began, to 150 per day in July, while the armed conflict raged on. The number of attacks peaked on July 21, with a total of 429 attacks. Researchers haven’t been able to definitively track the attacks back to any particular groups, but the timing of the incidents correlate with rising violence.

“There’s a clear increase not only in number of attacks but in the size of attacks and how long they’re lasting,” said Kirk Soluk, manager of threat intelligence and response at Arbor. “Interestingly enough, when there’s a cease-fire, the attacks seem to drop off.”

Cyber attacks have increasingly accompanied political conflicts in recent years, with actors like the Syrian Electronic Army notoriously hacking BBC News, eBay and other sites. There has also been an increase in attacks associated with recent disputes over the South China Sea.

In the case of the recent attacks against Israel, Arbor said the third-party computers used to strike Israeli government sites are scattered across the globe in countries including the U.S., Myanmar, Russia, Mexico, Great Britain, and others. However, that does not mean the attacks originated in those countries—it just means those are the locations of computers hackers have commandeered to stage attacks against Israel.

So where are the attacks coming from? One clue could be that the structure of the attacks bears a resemblance to a certain kind of attack that targeted U.S. banks en masse in 2012, Arbor said. U.S. security forces later linked those attacks to Iranian hackers. Meanwhile, the hacking group Anonymous claimed to have attacked Israeli sites, but it’s unclear if the organization is just taking credit for others’ work.

The attacks appear not just to be one-sided, however, as an Israeli civilian group called the Israeli Elite Force (IEF) has said that it’s attacking Palestinian websites. In the early days of the figthing, the IEF regularly updated its Twitter with reports of attacks on Palestinian websites, posting email addresses of what it said were login codes at the Palestinian Ministry of Health.

If a cease-fire holds and violence ends, cyberattacks may dwindle in the short term, but hacking has become a permanent feature in conflicts. “Cyber has joined land, air, sea, and space as the fifth domain of modern warfare,” said Chris Petersen, the co-founder of security firm LogRhythm.

TIME Video Games

What if Academic Tests Were Video Games?

Digital Vision / Getty Images
Digital Vision / Getty Images

No, The Legend of Zelda won't replace the ACT or SAT anytime soon, but imagine a world in which archaic standardized tests (and perhaps even the notion of a final exam) were replaced by realtime, inherently evaluative experiences that bettered the learning process itself.

It’s been so long since I sat through a standardized test, I’ve forgotten most of the rigmarole. I blame “selective stupefaction,” my made-up-psychology term for when your brain decides some feat you had to perform long ago is too mind-numbing to remember.

What memories remain are of humming florescent overheads, cathedral-sized collegiate halls (with none of a cathedral’s architectural charm), scores of students hunched over fold-down slabs of laminate, scattershot coughs or harrumphs, the smell of must and cologne and perturbation, and — who could forget — the instructor pacing the rows like a bipedal security camera.

I was okay at, but slightly terrified of, standardized tests, one of those kids who’d glance up at the ticking clock and freeze like an animal in someone’s headlamps. But I’m pretty good at video games, and over the last decade-plus, I’ve come to prefer the sort (rare, still, granted) whereby the experience informs or impacts some broader aspect of my life, in lieu of merely improving my hand-eye coordination.

So what if tests could be video games like that, or at least more video game-like?

NPR’s Education blog wonders the same, exploring why people play and how play-based instructional design relates to learning. Well-wrought video games of all stripes are already learning factories, replete with rewardable variables like player initiative and creative expression, strategic and tactical thinking, curiosity and exploration, social bonding and judgement or ethical behavior and reflection. One of the critiques of standardized tests is that they measure human intelligence too narrowly, that they ignore all of the other multifaceted ways in which humans acquire and thoughtfully apply knowledge. Games, of course, have been measuring elements of the latter for decades.

The sort of standardized academic tests I took in the 1990s were assessment based, designed (you could argue crudely) to measure your ability to memorize and regurgitate things, extrapolate from narrative passages and apply algorithmic thinking to math-based problems.

What if those tests were simultaneously the learning tool, or the learning process, a kind of implicit, ongoing test that offered the sort of realtime, adaptive feedback a game can? What if what we’re learning from game design now could eventually improve or supplant the kinds of standardized tests we’re still using as empirical benchmarks today?

Consider a multiple choice test with its mundane sentences and lettered selections stacked in row after numbered row: an avalanche of organized banality. Now imagine that test if the words were baked (literally or conceptually) into an experience that was interactive and improvisational — an experience that since words by themselves are the ultimate abstraction (see Scott McCloud’s Understanding Comics), was less removed from reality.

“Is a video game a test or a learning encounter? It’s both,” Arizona State professor James Paul Gee tells NPR, adding that in a video game, “you’re always being tested — you can’t get out of a level until you finish it.”

Play-related experiences can provide insight not just into someone’s ability to check the right box, but also into the deductive process whereby they come to that decision in the first place, argues Stanford psychometrics professor Dan Schwartz. Schwartz says the latter is far more important than testing a student’s ability to momentarily dredge up bits of information, or apply a formula by rote to solve a problem.

The idea, Schwartz tells NPR, is to design games that require students to learn, “So they’re not just measures of what the student already knows, but attempts to measure whether they are prepared to continue learning when they’re no longer told exactly what to do.”

Could you design an academic test that worked as a video game and both better educated students and provided educators with a better sense of their students’ learning challenges? When you think out past the cultural hinterlands of decades-old standardized tests (including some that have been with us for nearly a century), play-based experiences that can both measure and refine our ability to learn deserve to be taken just as seriously.

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser