tag:theconversation.com,2011:/africa/topics/gmail-6747/articlesGmail – The Conversation2019-10-30T22:38:25Ztag:theconversation.com,2011:article/1250572019-10-30T22:38:25Z2019-10-30T22:38:25ZMaking email more efficient means answering more emails even faster<figure><img src="https://images.theconversation.com/files/299320/original/file-20191029-183132-1xsco0j.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C6016%2C4016&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Responding to the ever-growing amount of email can be a stress-inducing job task. </span> <span class="attribution"><span class="source">(Shutterstock)</span></span></figcaption></figure><p>If you’re a Gmail user, you might have recently noticed a ghost-like presence in your email account. It’s light grey, and it comes and goes, sometimes when you’re not expecting it. And, like most ghost sightings, glimpses of it have been reported to be a little creepy.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1045302622553436161"}"></div></p>
<p>This is <a href="https://www.blog.google/products/gmail/subject-write-emails-faster-smart-compose-gmail/">Smart Compose</a>, the word-prediction feature leveraging artificial intelligence (AI) that Gmail launched in 2018. Trained on <a href="https://ai.googleblog.com/2018/05/smart-compose-using-neural-networks-to.html">billions of data points</a> (<a href="http://doi.org/10.32855/fcapital.201101.006">including yours, probably</a>), Smart Compose’s purpose is to predict words as you type, to “<a href="https://www.blog.google/products/gmail/smart-compose-comes-pixel-3-and-four-new-languages/">help you write emails even faster while you’re on the go</a>.” </p>
<p>But if there’s something truly unnerving about the spectral Smart Compose, it’s not its eerily good predictive accuracy. Its uncanniness stems from what the AI suggests we, as email users and writers, might be willing to ghost. </p>
<h2>Email efficiency</h2>
<p>According to Google, Smart Compose is intended to save time. The 2018 blog post that introduced the feature emphasized how time-consuming it can be to write email and, therefore, how welcome a tool to speed up the task. In October 2018, Gmail proudly announced that Smart Compose “<a href="https://twitter.com/gmail/status/1052588273716142081">saves people from typing over 1 [billion] characters each week</a>.” In June 2019, this number doubled, and the “savings” were publicized on Twitter and in Sundar Pichai’s — Google’s Chief Executive Officer’s — <a href="https://abc.xyz/investor/founders-letters/2018/">letter to shareholders</a>. </p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1141755368680411136"}"></div></p>
<p>But while Smart Compose <a href="https://www.elitedaily.com/p/this-new-gmail-smart-compose-feature-is-so-accurate-that-people-are-freaked-out-12139827">users rave about its accuracy</a> and Gmail promotes its time-saving superpowers, there’s a paradox to consider. Smart Compose promises to free us from the drudgery of email, but it’s actually ensuring that email never goes away.</p>
<p>By speedily providing predictions and eliminating keystrokes, Smart Compose claims to save users’ time. And it just might, so long as we’re talking about the speed with which we can write a single message. However, the fundamental nature of automation is this: <a href="https://www.nber.org/chapters/c14027">as speed increases, so does workload</a>. Smart Compose might succeed in paring down the time required to write a single email, but it also succeeds in increasing a user’s overall capacity.</p>
<p>If there’s one thing Smart Compose accurately predicts, it’s not words. It’s behaviour — not only a continued reliance on email but also (as if this were possible) even higher social expectations for swift sends and replies.</p>
<h2>Ghost compositions</h2>
<p>Ruminating on email’s role in everyday life may be less exciting than some of the <a href="https://www.vice.com/en_us/article/pavdwm/google-smart-compose-time-saving">other debates surrounding Smart Compose</a>, but it’s no less important. Given the <a href="https://doi.org/10.1016/j.chb.2014.02.006">mental-health risks that researchers have documented around the perceived need to be constantly connected</a>, the first question we have to ask when it comes to AI and automation is: What behaviors and outcomes do they invite?</p>
<p>For example, <a href="https://newsroom.carleton.ca/archives/2017/04/20/carleton-study-finds-people-spending-third-job-time-email/">researchers at Carleton University</a> reported that Canadians in the workplace spend nearly one-third of their work week writing or replying to email. This activity leads to high levels of absenteeism, stress and turnover. </p>
<p>So, what might word-prediction AI encourage by increasing email volume? </p>
<p>If word-prediction AI stands to keep email locked in place, it also stands to keep our eyes locked on the wrong target. Smart Compose is a case in point. Instead of addressing the high-pressure social conventions that have emerged around email, Smart Compose targets writing instead. The AI suggests that the less one writes the better. </p>
<p>We need to think critically through the adoption of arguably irrelevant solutions to technology problems. Not least of all, we need to think through the implications of defining writing and correspondence as activities that need to be “saved” or precluded.</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1052588273716142081"}"></div></p>
<h2>Freeing time or making work?</h2>
<p>Marketing campaigns like Gmail’s make it easy to overlook the bigger picture. Reminding us of the brain power that goes into composition, the emoji whose head explodes with alpha-numeric characters convincingly suggests that we might be better off with word-prediction AI than we are without it. Opting for Smart Compose, according to this campaign, is simply a smarter bet. And a happier one. </p>
<p>But what is the broader wager?</p>
<p>Seen through a critical lens, Smart Compose seems to double-down on something that digital media scholar Beth Coleman has said: “<a href="https://www.taylorfrancis.com/books/e/9781315730479/chapters/10.4324/9781315730479-22">‘Smart’ is shorthand for outsourcing information and responsibility … we have an opportunity at this turning point to discern between convenience (what looks like more free services) and engagement (what looks like more hard work)</a>.”</p>
<p>That’s something that I, for one, don’t want to see vanish into thin air. </p>
<p>[ <em><a href="https://theconversation.com/ca/newsletters?utm_source=TCCA&utm_medium=inline-link&utm_campaign=newsletter-text&utm_content=thanksforreading">Thanks for reading! We can send you The Conversation’s stories every day in an informative email. Sign up today.</a></em> ]</p><img src="https://counter.theconversation.com/content/125057/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Crystal Chokshi does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Google’s Smart Compose feature is meant to help deal with the deluge of email, but does it increase the pressure to respond quicker?Crystal Chokshi, PhD Candidate, Department of Communication, Media and Film, University of CalgaryLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/814342017-09-11T00:40:41Z2017-09-11T00:40:41ZThe only safe email is text-only email<figure><img src="https://images.theconversation.com/files/185136/original/file-20170907-9599-1mirisc.png?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">For safety, look to text-only messaging.</span> <span class="attribution"><span class="source">The Conversation, via picascii.com, publicdomainpictures.net and kelvinsong</span>, <a class="license" href="http://creativecommons.org/licenses/by-nd/4.0/">CC BY-ND</a></span></figcaption></figure><p>It’s troubling to think that at any moment you might open an email that looks like it comes from your employer, a relative or your bank, only to fall for a <a href="http://gizmodo.com/a-huge-and-dangerously-convincing-google-docs-phishin-1794888973">phishing</a> <a href="http://gizmodo.com/beware-of-this-dangerously-convincing-google-docs-phish-1546278702">scam</a>. Any one of the endless stream of innocent-looking emails you receive throughout the day could be trying to con you into handing over your login credentials and give criminals control of your confidential data or your identity.</p>
<p>Most people tend to think that it’s <a href="https://theconversation.com/cybersecuritys-weakest-link-humans-57455">users’ fault</a> when they fall for phishing scams: Someone just clicked on the wrong thing. To fix it, then, users should just <a href="https://theconversation.com/before-decrying-the-latest-cyberbreach-consider-your-own-cyberhygiene-37834">stop clicking on the wrong thing</a>. But as security experts who study malware techniques, we believe that thinking chases the wrong problem. </p>
<p>The real issue is that today’s web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It’s not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way. </p>
<p>Simply put, safe email is plain-text email – showing only the plain words of the message exactly as they arrived, without embedded links or images. <a href="http://cromwell-intl.com/cybersecurity/html-email.html">Webmail is convenient for advertisers</a> (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary – and serious – danger, because a webpage (or an email) can easily show one thing but do another.</p>
<p>Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the <a href="https://www.us-cert.gov/">federal government’s top cybersecurity experts</a> have come to the startling, but important, conclusion that any person, organization or government serious about web security should <a href="https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf#page=53">return to plain-text email</a>:</p>
<blockquote>
<p>“Organizations should ensure that they have disabled HTML from being used in emails, as well as disabling links. Everything should be forced to plain text. This will reduce the likelihood of potentially dangerous scripts or links being sent in the body of the email, and also will reduce the likelihood of a user just clicking something without thinking about it. With plain text, the user would have to go through the process of either typing in the link or copying and pasting. This additional step will allow the user an extra opportunity for thought and analysis before clicking on the link.”</p>
</blockquote>
<h2>Misunderstanding the problem</h2>
<p>In recent years, webmail users have been <a href="https://www.consumer.ftc.gov/articles/0003-phishing">sternly instructed</a> to <a href="https://www.wired.com/2017/03/phishing-scams-fool-even-tech-nerds-heres-avoid/">pay perfect attention</a> to <a href="https://www.mcafee.com/us/threat-center/resources/security-tips-13-ways-to-protect-system.aspx">every nuance of every email message</a>. They pledge <a href="http://www.phishing.org/10-ways-to-avoid-phishing-scams">not to open emails</a> from people they don’t know. They say they won’t <a href="https://ssd.eff.org/en/module/how-avoid-phishing-attacks">open attachments without careful vetting</a> first. Organizations <a href="https://www.infosecurity-magazine.com/news/phishing-awareness-grows-but/">pay security companies to test</a> if their employees make good on these pledges. But phishing continues – and is <a href="https://www.scmagazine.com/email-malware-phishing-and-spam-attempts-hit-new-highs-for-2017/article/680281/">becoming more common</a>.</p>
<p>News coverage can make the issue even more confusing. The New York Times called the Democratic National Committee’s email security breach <a href="https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html">somehow both “brazen” and “stealthy,”</a> and pointed fingers at any number of possible problems – old network security equipment, sophisticated attackers, indifferent investigators and inattentive support staff – before revealing the weakness was really a busy user who acted “without thinking much.”</p>
<p>But the real problem with webmail – the <a href="http://www.csoonline.com/article/2975807/cyber-attacks-espionage/phishing-is-a-37-million-annual-cost-for-average-large-company.html">multi-million-dollar</a> security mistake – was the idea that if emails could be sent or received through a website, they could be more than just text, even webpages themselves, displayed by a web browser program. This mistake created the criminal phishing industry.</p>
<h2>Engineered for danger</h2>
<p>A web browser is the perfect tool for insecurity. Browsers are designed to <a href="https://www.theverge.com/2017/9/7/16257470/little-snitch-connection-map-app-vpn-utility">seamlessly mash together content</a> from multiple sources – text from one server, ads from another, images and video from a third, user-tracking “like” buttons from a fourth, and so on. A modern webpage is <a href="https://www.mozilla.org/en-US/lightbeam/">a patchwork of third-party sites</a>, which can number in the dozens. To make this assemblage of images, links and buttons appear unified and integrated, the browser doesn’t show you where the pieces of a webpage come from – or where they’ll lead if clicked. </p>
<p>Worse, it allows webpages – and thereby emails – to lie about it. When you <a href="http://igoro.com/archive/what-really-happens-when-you-navigate-to-a-url/">type “google.com” into your browser</a>, you can be reasonably sure you will get Google’s page. But when you click a link or button labeled “Google,” are you actually heading to Google? Unless you carefully read the underlying HTML source of the email, there are a dozen ways your browser can be <a href="https://textslashplain.com/2017/01/14/the-line-of-death/">manipulated to trick you</a>.</p>
<p>This is the opposite of security. Users can’t predict the consequences of their actions, nor decide in advance if the potential results are acceptable. A perfectly safe link might be displayed right next to a malicious one, with no apparent difference between them. When a user is faced with a webpage and the decision to click on something, there is no reasonable way to know what might happen, or what company or other party the user will interact with as a result. By design, the browser hides this information. But at least, when browsing the web, you can choose to start at a trusted site; webmail, however, delivers an attacker-made webpage right into your mailbox!</p>
<p>The only way to be sure of security in today’s webmail environment is to learn the skills of a professional web developer. Only then will the layers of HTML, Javascript, and other code become clear; only then will the consequences of a click become known in advance. Of course, this is an unreasonable level of sophistication to require for users to protect themselves.</p>
<p>Until software designers and developers fix browser software and webmail systems, and let users make informed decisions about where their clicks would lead them, we should follow the advice of C.A.R. Hoare, one of the early pioneers of computer security: “<a href="https://www.cs.fsu.edu/%7Eengelen/courses/COP4610/hoare.pdf">The price of reliability is the pursuit of the utmost simplicity</a>.”</p>
<h2>Safe email is plain-text email</h2>
<p>Companies and other organizations are even more vulnerable than individuals. One person needs only to worry about his or her own clicking, but each worker in an organization is a separate point of weakness. It’s a matter of simple math: If every worker has that same 1 percent chance of falling for a phishing scam, the <a href="http://www.statisticshowto.com/what-is-a-bernoulli-trial/">combined risk to the company</a> as a whole is much higher. In fact, companies with 70 or more employees have a <a href="https://www.wolframalpha.com/input/?i=69+Bernoulli+trials+probability+0.01">greater than 50 percent chance</a> that someone will be hoodwinked. Companies should look very critically at webmail providers who offer them worse security odds than they’d get from a coin toss.</p>
<p>As technologists, we have long since come to terms with the fact that some technology is just a bad idea, even if it looks exciting. Society needs to do the same. Security-conscious users must demand that their email providers offer a plain-text option. Unfortunately, such options are few and far between, but they are a key to stemming the webmail insecurity epidemic. </p>
<p>Mail providers that refuse to do so should be avoided, just like back alleys that are bad places to conduct business. Those online back alleys may look eye-pleasing, with ads, images and animations, but they are not safe.</p>
<p><em>This article was written in collaboration with cybersecurity researcher and developer <a href="http://blog.erratasec.com/">Robert Graham</a>.</em></p><img src="https://counter.theconversation.com/content/81434/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>It’s impossible to be certain of safety while using Gmail, Yahoo mail and other web-based email systems. The best solution is a radical one: It’s time to return to plain, text-only email.Sergey Bratus, Research Associate Professor of Computer Science, Dartmouth CollegeAnna Shubina, Post-doctoral Associate in Computer Science, Dartmouth CollegeLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/836052017-09-07T14:43:16Z2017-09-07T14:43:16ZLeaked emails: Ramaphosa’s hypocrisy on spying by the South African state<figure><img src="https://images.theconversation.com/files/185057/original/file-20170907-8341-1gjep07.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">South African Deputy President Cyril Ramaphosa claims the country's security agencies hacked his emails.</span> <span class="attribution"><span class="source">GCIS</span></span></figcaption></figure><p>In the run up to the election of the <a href="http://www.anc.org.za/content/54th-national-conference">next president</a> of South Africa’s governing ANC in December, unknown entities are clearly working hard to discredit candidates who have spoken out against <a href="https://theconversation.com/the-threat-to-south-africas-democracy-runs-deeper-than-state-capture-78784">state capture</a>.</p>
<p>The latest dirty tricks have targeted Deputy President Cyril Ramaphosa, who recently <a href="http://www.news24.com/SouthAfrica/News/ramaphosa-launches-campaign-with-attack-on-zuma-guptas-20170423">condemned</a> the capture of the South African state, allegedly by <a href="http://pari.org.za/betrayal-promise-report/">business interests linked to</a> President Jacob Zuma. Someone has <a href="https://www.iol.co.za/sundayindependent/news/ramaphosa-in-womanising-e-mail-shock-11056138">leaked</a> Ramaphosa’s emails from his private Gmail accounts, suggesting that he was having multiple affairs, despite being married.</p>
<p>Ramaphosa has claimed that the fingerprints of the state intelligence services are all over the leaks. He has also <a href="https://www.timeslive.co.za/politics/2017-09-02-intelligence-resources-hacked-my-email-ramaphosa/">located</a> the smear attempt within</p>
<blockquote>
<p>…a broader campaign that has targeted several political leaders‚ trade unionists‚ journalists and civil society activists.</p>
</blockquote>
<p>How much credibility do his claims have? Those responsible could be private actors with no links to the spy agencies. But, no one should be surprised if his allegations of state spying turn out to be correct. </p>
<p>After all, in 2005, state spy agencies were <a href="https://assets.publishing.service.gov.uk/media/57a08baae5274a31e0000cc8/ReviewComm.Sept08.pdf">abused</a> in the bruising succession battle between then President Thabo Mbeki and his rival for the ANC presidency, Jacob Zuma. That behaviour seems to have been sustained.</p>
<p>There are systemic weaknesses in how the state intelligence services are regulated that predispose them to abuse. As a senior member of government, Ramaphosa must take political responsibility for keeping silent about these problems until now.</p>
<h2>Eavesdropping in South Africa</h2>
<p>It’s quite possible that Ramaphosa’s Gmail accounts were hacked. An intrusive piece of hacking software like <a href="http://www.zdnet.com/article/adelaides-accumulus-launches-b-one-hub-smart-home-play/">Finfisher</a> could do the trick. Finfisher is a weapons grade intrusion tool sold exclusively to governments. It is particularly useful for monitoring security conscious and mobile targets who make extensive use of encryption.</p>
<p>The tool allows its operator to take control of a target’s computer as soon as it is connected to the internet. Once the operator does so, it can turn on web cameras and microphones for surveillance purposes, and exfiltrate -withdraw- data from the target’s computer, such as emails.</p>
<p>By 2014, South Africa was the <a href="https://wikileaks.org/spyfiles4/customers.html">third largest named user</a> of Finfisher, after Slovakia and Estonia. </p>
<p>In 2015, the University of Toronto’s <a href="https://www.citizenlab.co/">Citizenlab</a> detected a Finfisher command-and-control server in South Africa. The discovery strongly suggested that the South African government continued to be a Finfisher user.</p>
<p>Leaked <a href="https://wikileaks.org/hackingteam/emails/">emails</a> from Finfisher’s competitor, the Italian-based Hacking Team, also provided evidence that South African government departments were in the market for hacking tools. And South Africa has a <a href="https://www.pressreader.com/south-africa/mail-guardian/20151218/281625304257040">reputation</a> in international intelligence circles for targeting individuals (like journalists, activists and academics) through hacking, rather than engaging in <a href="https://probonomatters.co.za/online-privacy-guide-for-journalists-2017/">mass surveillance</a> of the kind practised by the US and the UK. Tools like Finfisher come in handy.</p>
<h2>Safeguards against abuse</h2>
<p>In spite of their invasiveness, hacking tools are under regulated in South Africa.</p>
<p>There are two communication interception centres in the State Security Agency that the general public knows about. The first is the <a href="http://www.oic.gov.za/">Office for Interception Centres</a>, which handles targeted interceptions approved by a special judge. It is inwardly focused, and provides services to national crime fighting agencies.</p>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/185069/original/file-20170907-10812-16j7d4l.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/185069/original/file-20170907-10812-16j7d4l.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=600&fit=crop&dpr=1 600w, https://images.theconversation.com/files/185069/original/file-20170907-10812-16j7d4l.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=600&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/185069/original/file-20170907-10812-16j7d4l.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=600&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/185069/original/file-20170907-10812-16j7d4l.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=754&fit=crop&dpr=1 754w, https://images.theconversation.com/files/185069/original/file-20170907-10812-16j7d4l.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=754&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/185069/original/file-20170907-10812-16j7d4l.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=754&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">shutterstock</span></span>
</figcaption>
</figure>
<p>The second is the <a href="http://www.mediaanddemocracy.com/uploads/1/6/5/7/16577624/comms-surveillance-nia-swart_feb2016.pdf">National Communications Centres</a>, which monitors the electronic communication. This centre is externally focused. It collects foreign signals intelligence.</p>
<p>While the Office for Interception Centres is established in terms of the <a href="http://www.saflii.org/za/legis/num_act/roiocapocia2002943.pdf">Regulation of Interception of Communications</a> and Provision of Communication Related Information Act <a href="http://www.internet.org.za/ricpci.html">(Rica)</a>, the National Communications Centres has no explicit founding legislation, and no known rules that govern its activities. This is why the current <a href="http://amabhungane.co.za/article/2017-04-20-amab-challenges-snooping-law">court challenge</a> is significant.</p>
<p>In 2008, the European Court of Human Rights <a href="https://www.ilsa.org/jessup/jessup16/Batch%201/WEBER%20AND%20SARAVIA%20v.%20GERMANY.pdf">identified</a> six safeguards for strategic intelligence gathering, to limit the potential for abuses. </p>
<p>It says the law needs to:</p>
<ul>
<li>Spell out the nature of the offences which may give rise to an interception order.</li>
<li>Provide a definition of the categories of people liable to have their telephones tapped.</li>
<li>Limit on the duration of tapping.</li>
<li>Set out the procedure to be followed for examining, using and storing the data obtained</li>
<li>List precautions to be taken when communicating the data to other parties. </li>
<li>Spell out the circumstances in which recordings may or must be erased or the tapes destroyed. </li>
</ul>
<p>South Africa’s laws fail these tests dismally.</p>
<p>There are also no known rules governing the State Security Agency’s use of selectors - the search terms used to process raw communications data - for analysing mass communication. This could lead to abuse. </p>
<h2>Spying on political dissent</h2>
<p>The problem of under regulation does not end with the National Communications Centre. As the country’s civilian intelligence agency, the State Security Agency is meant to develop high level strategic intelligence to inform the Cabinet in deciding on the nation’s most urgent national intelligence priorities.</p>
<p>But, a State Security Agency <a href="https://www.documentcloud.org/documents/1672699-organogram-of-south-africa-state-security-agency.html">organogram</a> leaked to Al Jazeera points to the existence of an operational entity in the domestic intelligence section called the Special Operations Unit. Little is known about its exact mandate.</p>
<p>The Sunday newspaper, City Press has <a href="http://www.news24.com/Archives/City-Press/Sex-Sars-and-rogue-spies-20150429">linked</a> this unit to a number of dirty tricks. These include smearing top civil servants, and forming a rival trade union to the Association for Mineworkers and Construction Union in the platinum belt, as well as spying.</p>
<p>And, a recent <a href="https://www.privacyinternational.org/node/1031">investigation</a> by Privacy International exposed a revolving door between the intelligence agencies, the mining industry, and private security companies in the communications surveillance sector. In other words, not only are the state spy agencies underregulated; private sector ones are too.</p>
<p>So the available evidence points to the State Security Agency’s political and economic intelligence focus being used to legitimise government spying on perceived political critics, and protect the exploitative business practices of mining companies.</p>
<h2>Ramaphosa double standards</h2>
<p>In 2013, Parliament <a href="https://pmg.org.za/committee-meeting/15616/">narrowed</a> the definition of what constitutes a national security threat to exclude legitimate political activities. Be that as it may, it has not done enough to address the weaknesses that created space for the 2005 spying abuses to occur.</p>
<p>Complaints from <a href="http://www.r2k.org.za/2016/05/05/6594/">journalists</a> and <a href="http://bigbrother.r2k.org.za/">activists</a> about illegitimate spying by the state have been piling up for several years. As the Deputy President, Ramaphosa would have been aware of these complaints. Yet, as a shareholder and non-executive director of Lonmin, Ramaphosa would have benefited from the spy agencies’ interference in labour struggles in the platinum belt.</p>
<p>He has not spoken out about the under regulation of the spy agencies until now. Ramaphosa must take political responsibility for the utter mess that grips the state spy agencies.</p>
<p>Undoubtedly, spying on political elites threatens democracy, but it is self-serving of Ramaphosa to complain only when he himself becomes the target. Political leaders who are vying for the highest office in the land really need to be more principled.</p>
<p><em>The author is completing a book manuscript entitled ‘Stopping the spies: constructing and resisting the surveillance state in South Africa’ (forthcoming with Wits University Press in 2018)</em>.</p><img src="https://counter.theconversation.com/content/83605/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Jane Duncan receives funding from the Open Society Foundation for South Africa. She is a member of the secrecy and securitisation sub-committee of the Right 2 Know Campaign, and a project leader of the Media Policy and Democracy Project.</span></em></p>It would be no surprise if Deputy President Cyril Ramaphosa’s claims of the state spying on him turn out to be true. After all, state spy agencies have been abused before in ANC factional battles.Jane Duncan, Professor in the Department of Journalism, Film and Television, University of JohannesburgLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/309802014-08-27T16:36:23Z2014-08-27T16:36:23ZGoogle must make Android safer – our data is at risk<figure><img src="https://images.theconversation.com/files/57518/original/fcrg2k48-1409134784.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Making hackers happy.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/erautio/3188752624">erautio</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA</a></span></figcaption></figure><p>Over the past few months, the Android platform developed by Google and based on the Linux operating system has been having a <a href="http://www.ibtimes.co.uk/most-secure-android-phone-hacked-defcon-hacking-conference-1460821">difficult time</a>. Hackers, with malicious intent and those without, have been investing time in finding out how weak this operating system is.</p>
<p>Android runs on <a href="http://www.cnet.com/uk/news/android-dominates-81-percent-of-world-smartphone-market/">more than four out of five</a> mobile devices. It is popular because it is free and its terms do not dictate to device manufacturers what hardware it must be used on.</p>
<p>The hacking seen so far is partly a result of this popularity. But there also seem to be inherent problems, which experts and hackers have discovered don’t exist on other mobile platforms. </p>
<h2>What are the issues?</h2>
<p>Android is getting the most attention from malware creators, because it has more than <a href="https://theconversation.com/explainer-which-phone-is-most-vulnerable-to-malware-25942">40,000 different malware compromises</a>. This is worrying especially as the same systems for Windows and Apple phones seem to have only handful such issues (on non-jailbroken devices).</p>
<p>In June concerns arose about an <a href="https://theconversation.com/had-an-odd-text-on-your-android-device-time-to-watch-out-for-sms-worms-28624">SMS worm</a> that could propagate via Android devices. One of the primary issues is the version control system these devices uses. As new and better versions of Android have been released, manufacturers having committed their development efforts to one version cannot always allow for upgrades. This is commonplace among the lower-priced devices, which tend to be fixed to a specific version of Android. Currently new devices are using the KitKat version of Android, but previous versions, such as JellyBean and IceCreamSandwich, remain in use.</p>
<p>In July researchers published their analysis of Android devices purchased on eBay. Even though these devices had had the information on them deleted, they could recover and analyse it. <a href="https://theconversation.com/naked-selfies-found-on-wiped-phones-shows-how-data-isnt-always-deleted-29119">Naked Selfies</a> among other confidential data were found, exposing a serious flaw in the encryption used by Android. The factory reset option, which should be able to permanently wipe any historical data from the device, seemed not to work well either. (This is the same issue, which was reported earlier in August, regarding the <a href="http://www.bbc.co.uk/news/technology-28790583">Tesco Hudl</a> tablet, which uses Android as the operating system.)</p>
<p>Now researchers have found a <a href="http://www.cnet.com/news/researchers-find-way-to-hack-gmail-with-92-percent-success-rate/">flaw</a> in the Gmail application on Android devices. The flaw makes it easy to create malware to obtain personal information, effectively using the email application as a route to extract all kinds of data from your phones. The researchers have claimed that this is also possible on iPhones and Windows phones. What they neglect to share is that Microsoft and Apple have app stores that undergo a range of stringent security checks before any app is allowed on their devices. This is unlike the Google Play environment, which is not the only source for apps on Android device.</p>
<p>There are many non-Google Android app stores – some legitimate but many not. Worse still, the security community has also exposed <a href="http://www.sciencedaily.com/releases/2014/06/140618163920.htm">issues</a> with the official Google Play store. We can trust almost all applications downloaded on Apple and Microsoft phones, but for any on the Android platform the risk is considerably higher. Unless you have up-to-date anti-malware software and are extremely cautious, chances are that your Android phone may eventually be compromised.</p>
<h2>Should I be concerned?</h2>
<p>Sadly, I think all Android users should be concerned. It is an excellent mobile operating system and has enabled low-cost smartphones and tablet computers to exist in the market place. But Google needs to tighten controls on how applications can enter this device as well as some of its underlying features.</p>
<p>Whenever I meet someone with an Android device, the first question I ask them is if they have any anti-malware installed. They often give me a quizzical look. The reality is that, if they don’t have such security apps installed, the data on their Android is not safe.</p><img src="https://counter.theconversation.com/content/30980/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Andrew Smith does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Over the past few months, the Android platform developed by Google and based on the Linux operating system has been having a difficult time. Hackers, with malicious intent and those without, have been…Andrew Smith, Lecturer in Networking, The Open UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/170962013-08-16T02:27:26Z2013-08-16T02:27:26ZYour emails are all scanned – and that’s what you agreed to<figure><img src="https://images.theconversation.com/files/29374/original/dk794brq-1376617325.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Legally, you've agreed to have your emails scanned – but what about morally?</span> <span class="attribution"><span class="source">enggul</span></span></figcaption></figure><p>According to Nobel Laureate <a href="http://en.wikipedia.org/wiki/Gabriel_Garc%C3%ADa_M%C3%A1rquez">Gabriel García Márquez</a>, “all human beings have three lives: public, private, and secret”. It is in our nature to want privacy, yet in the internet age, it has never been easier to access the details of our private lives. </p>
<p>In May 2013, whistleblower <a href="http://en.wikipedia.org/wiki/Edward_Snowden">Edward Snowden</a> lifted the lid on just how far intelligence agencies are able to reach into our online lives. The news came as a shock to many, though agencies such as the US National Security Agency (<a href="http://www.nsa.gov/">NSA</a>) have had this capability for years. </p>
<p>A <a href="http://www.theguardian.com/technology/2013/aug/14/google-gmail-users-privacy-email-lawsuit">recent article</a> in The Guardian highlights the dynamic tension in this debate. <a href="http://www.consumerwatchdog.org/">Consumer Watchdog</a>, a US-based advocacy group, has taken umbrage with Google’s <a href="http://www.theguardian.com/commentisfree/2013/aug/15/gmail-google-privacy-unreasonable-expectation">admission</a> that the content of Gmail messages are automatically scanned. Suits and <a href="http://www.scribd.com/doc/160134104/Google-Motion-to-Dismiss-061313">counter-suits</a> are flying back and forth. </p>
<p>Email providers have given themselves the legal right to scan people’s email by including it in their Terms of Service to which people must explicitly agree before they can use the service.</p>
<p>For example, Gmail’s <a href="http://www.google.com/intl/en/policies/privacy/">privacy policy</a> states:</p>
<blockquote>
<p>We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.</p>
</blockquote>
<p>None of us like to think it’s the case but our email has always been scanned - not only by Google but almost every other email provider, by employers concerned about proprietary leaks, and by intelligence agencies too. </p>
<p>Email providers have no voyeuristic interest in the day-to-day lives of their users. They are using automatic content scanners to weed out spam and to give them the means to place targeted advertisements on your screen, the price you pay for this otherwise free service. </p>
<p>Intelligence agencies are not interested in the the lives of ordinary people either. They sift through the torrent of data looking for covert criminal and terrorist activity, information that might prevent the flight you are travelling on from blowing up mid-air, or to apprehend organised criminals.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/29371/original/kzrg7d3d-1376616892.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/29371/original/kzrg7d3d-1376616892.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/29371/original/kzrg7d3d-1376616892.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=542&fit=crop&dpr=1 600w, https://images.theconversation.com/files/29371/original/kzrg7d3d-1376616892.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=542&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/29371/original/kzrg7d3d-1376616892.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=542&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/29371/original/kzrg7d3d-1376616892.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=681&fit=crop&dpr=1 754w, https://images.theconversation.com/files/29371/original/kzrg7d3d-1376616892.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=681&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/29371/original/kzrg7d3d-1376616892.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=681&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">estherase</span></span>
</figcaption>
</figure>
<h2>Great expectations</h2>
<p>The central issue in all this is that people have an expectation of privacy online where that privacy has never actually existed. The internet is a public place and we should adjust our expectations accordingly. If we do not say anything on the internet that we would not say standing on a soapbox at Speakers’ Corner, we have nothing to worry about. </p>
<p>The question is, do people have a moral right to privacy? Arguably they do, but it is a case of the collective good outweighing people’s individual rights, at least in terms of preventing terrorist attacks and curbing organised crime.</p>
<p>So there is a line that must be drawn, but no clear place to draw it. Case by case, we need to weigh up where the interests of the greater good ends and the individual’s right to privacy begins. </p>
<p>A disturbing trend for some is the recent move by Google to cross-reference and aggregate data from across its range of services. <a href="http://www.google.com.au/landing/now/">Google Now</a> – a mobile app that acts as an intelligent personal assistant – combines information from your email and calendar, the directions you get from Google Maps, and so on. </p>
<p>Designed to work with or without <a href="http://www.google.com/glass/start/">Google Glass</a>, it uses a natural language user interface to answer questions, make recommendations, and perform actions on your behalf. </p>
<p>For some, this is one step closer to Nirvana. To others it is a sinister plot to strip us of what little privacy remains.</p>
<h2>A scan-free email service?</h2>
<p>So what are your alternatives if you want email privacy? The news is not encouraging. All of the major providers scan email contents for commercial purposes and may be compelled to pass on information to the government. There are anonymous email providers, but it is doubtful whether <em>any</em> of them can guarantee complete protection against a determined intelligence agency. </p>
<p>These providers include <a href="http://tormail.org/">Tor Mail</a>, <a href="https://www.fastmail.fm/">FastMail</a>, <a href="http://www.sendanonymousemail.net/">Send Anonymous Email</a>, <a href="http://anonymouse.org/anonemail.html">Anonymouse</a>, <a href="http://www.mailinator.com/">Mailinator</a>, <a href="http://www.anonymousspeech.com/">Anonymous Speech</a>, <a href="http://www.hushmail.com/">Hushmail</a>, <a href="http://www.send-email.org/">Send Email</a>, <a href="http://www.hidemyass.com/anonymous-email/">Hide My Ass!</a>, and <a href="https://www.guerrillamail.com/">Guerrilla Mail</a>. This list is indicative, not exhaustive and makes no recommendations. </p>
<p>As Márquez observes, humans have an implicit need for privacy. He goes so far as to say that each of us has a secret life, one that we reveal to no-one and which is the expression of our essential self - perhaps our best self. </p>
<p>It is vital to realise that privacy on the internet is an illusion. All we have is the relative privacy of knowing that our words are mixed in with a trillion other words. Unless we are up to no good, no-one will be paying any attention to them. </p>
<p>The worst that will happen is that you might see an ad for a discounted Cruise Holiday next to the email you wrote about how stressed you are at work. </p><img src="https://counter.theconversation.com/content/17096/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Tuffley does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>According to Nobel Laureate Gabriel García Márquez, “all human beings have three lives: public, private, and secret”. It is in our nature to want privacy, yet in the internet age, it has never been easier…David Tuffley, Lecturer in Applied Ethics & Socio-Technical Studies, Griffith UniversityLicensed as Creative Commons – attribution, no derivatives.