Techdirt. Stories filed under "exaggeration"

This Week's Bad Photoshopping Lesson Comes From Scientology

Timothy Geigner — Thu, 16 May 2013 16:01:56 PDT

The universe has a sense of humor. I'm convinced of it. See, as someone who believes that humor is a wonderful way to deal with otherwise disheartening topics, I'm amazed at how often the world around me will give me something to laugh at when I'm feeling blue. Take the world's current climate on the topic of religion, for instance. It'd be very easy to get down in the dumps over the Westboro Baptist Church, religious fundamentalists engaging in acts of terror, and the never-ending saga known as the Middle East "peace" process. None of those things are laughing matters. But then, reading the forlorn expression on my face, the universe sends me another story from the Church of Scientology.

The Tom-Cruise-iest religion on the planet took a break from their attempt to destroy free speech to celebrate the grand-mega opening of their new ironically named Ideal Organization in Portland by producing the worst photoshopped picture this side of the Iranian military.

The crowd was around 450-750 people. But the church claims it was more like 2,500, and it Photoshopped in the proof. Except the proof is about as convincing as your thetan's origin story. In reality, there were no people in the right-hand side of the photo. There was actually a line of rented trees set up to block the view of people not so friendly to Scientology (see the photo below), as well as police blocking off a four-block radius for the event. And it's not just that the picture was doctored, it's that it was done quite poorly. They added people right on top of the trees in the altered section.

Tony Ortega has the two photos that demonstrate this. First was the "official" photo from the Church which is clearly photoshopped. And then a shot from a different angle showing that the people on the right section above aren't actually there. What was an attempt to make turnout of the "event" look bigger than it was resulted in, at best, Scientology looking silly yet again for their combination of secretiveness and lying about their own events. Or, at worst, it suggests that Scientology turns human beings into a kind of hybrid tree-people, in which case we're all going to be subject to an aphid plague that may undo all of humanity. Ahhhh!

So a word of friendly advice to my Scientologist friends: brainwashed graphic designers are a better asset than brainwashed Tom Cruises. For ever and ever. Amen.

Permalink | Comments | Email This Story

The Worst Article You Might Ever Read About 'Cybersecurity'

Mike Masnick — Wed, 27 Feb 2013 12:12:00 PST

There has been a lot of discussion lately about "cybersecurity" "cyberwar" "cyberattacks" and all sorts of related subjects which really really (really!) could do without the outdated and undeniably lame "cyber-" prefix. This is, in large part, due to the return of CISPA along with the White House's cybersecurity executive order. Of course, the unfortunate part is that we're still dealing in a massive amount of hype about the "threats" these initiatives are trying to face. They're always couched in vague and scary terms, like something out of a movie. There are rarely any specifics, and the few times there are, there is no indication how things like CISPA would actually help. The formula is straightforward: fear + handwaving = "we must have a law!"

However, I think we may now have come across what I believe may top the list of the worst articles ever written about cybersecurity. If it's not at the top, it's close. It is by lawyer Michael Volkov, and kicks off with a title that shows us that Volkov is fully on board with new laws and ramping up the FUD: The Storm Has Arrived: Cybersecurity, Risks And Response. As with many of these types of articles, I went searching for the evidence of these risks, but came away, instead, scratching my head, wondering if Volkov actually understands this subject at all, with his confused thinking culminating in an amazing paragraph so full of wrong that almost makes me wonder if the whole thing is a parody.

The piece starts off, though, by playing up those supposed "risks," discussing how companies face "economic devastation" due to the "theft of valuable trade secrets." Here's an exercise: name one such company that has been so devastated. We'll wait. Then he talks about how these hacks could lead to "disclosure of consumer and employee information." Of course, he seems to be mixing and matching the types of hacks he's talking about. The "trade secret" stuff is generally corporate espionage, whereas the leaking of data tends to just be more general malicious hacking. Very different issues that probably require very different responses. But they're lumped together here.

So we've got an ill-defined problem, but have no fear, because the answer is here: Congress!

At the core of the problem is Congress’ failure to act. For years now, Congress has tried to enact meaningful cybersecurity legislation.

Any analysis of whether or not the attempts at "meaningful cybersecurity legislation" would have any impact at all on the kinds of attacks discussed in the first paragraph? Why, no. Because that would be useful. But that's okay, because Congress needs to act!

The risks are too large and the consequences of failing to act can result in serious economic consequences.

Again, can someone point to any evidence of cybersecurity issues having "serious economic consequences" to date? Yes, it's possible they might in the future, but let's put these things in perspective.

And then we get to this. I warn you ahead of time: reading the following paragraph may cause certain knowledgeable brains to experience something akin to spasms.

Recent cyber-attacks have illustrated the ability of terrorist groups and foreign governments to cause havoc on the Internet. The United States Sentencing Commission’s website was destroyed when activists attacked the site to protect the federal prosecution of Bart Swartz which eventually led to Mr. Swartz committing suicide. For years, the Chinese government has launched massive daily attacks against our government and private industry which are aimed at disrupting government operations, stealing trade secrets and undermining economic activity.

Let's break this down. Bit by awful bit.

Recent cyber-attacks have illustrated the ability of terrorist groups and foreign governments to cause havoc on the Internet.

Where and how? So far, the only example of any government causing any sort of "havoc" appears to have been the US with Israel with their attacks on Iran via Stuxnet, Flame and possibly some other very targeted malware attacks. What "terrorist groups" or "foreign governments" have actually caused any actual "havoc on the Internet"? The answer is none. It's certainly not what comes next:

The United States Sentencing Commission’s website was destroyed when activists attacked the site to protect the federal prosecution of Bart Swartz which eventually led to Mr. Swartz committing suicide.

Yeah. Okay. (1) The United States Sentencing Commission's website was temporarily hacked (and later taken down). It was not "destroyed" in any sense of the word. (2) Activists are neither the "terrorists" nor "foreign governments" we were promised in the preceding sentence. (3) Taking down the site briefly did not cause "havoc." (4) BART Swartz??!??!? (5) The hack was to protest the federal prosecution of Aaron Swartz, not to "protect" it. (6) While many of Swartz's friends and families do say that the prosecution likely led to his suicide, no one can say for sure. (7) Nothing about the hack by Anonymous had anything to do with "cybersecurity" nor would CISPA have protected the Commission's website (better programming might have). Basically, this sentence is just about as wrong as it could possibly be, and has nothing to do with what the article is about, other than drumming up fears about "cybersecurity."

For years, the Chinese government has launched massive daily attacks against our government and private industry which are aimed at disrupting government operations, stealing trade secrets and undermining economic activity.

There's been plenty of talk about these Chinese hacks, which definitely do appear to be happening. But, what economic activity has been undermined? So far, the hacks may have been a nuisance, but it's unclear that they've done any real damage. It is also unclear how CISPA helps stop such hacks, other than making Congress feel like it's "done something."

Are there issues with online security that need to be taken seriously? Yes, absolutely. Do we need legislation to deal with those problems? That's debatable, and we're still waiting for some evidence not just of scary sounding threats, but that this kind of legislation will actually help. Unfortunately, this article keeps us waiting. But, it did make us laugh. Unintentionally (we think).

Permalink | Comments | Email This Story

Stop Calling Electronic Espionage Cyberwar

Timothy Geigner — Wed, 27 Feb 2013 05:45:38 PST

Cyberwar. Cyberwar never changes, mostly because it has never existed. Since the dawn of the new millenium, when the movie Hackers was still Congress's best approximation of the threat of compromised computers, thoughts have been spilled in the name of expunging this stupid hyperbole, this made-up threat with a trumped-up enemy. We're told the threats are everywhere, from an Iranian government that provides more laughs than danger, to a pirate wing of the Chinese military, to simple psychotic terror-hacking wings. Sadly, it is left to a pathetically small few media members to push back against the nonsense.

If stealing secrets is an act of war then America is currently at war with all of its allies. Espionage is what governments do so they don’t have to go to war...directly. What appears to be upsetting the Congressman is that the Chinese are using espionage to make money in a way that the United States didn’t think of first.

In the year 2013, after millenia of technological progress coupled with man's fear of it, the tidal wave of a complicit mainstream media could hold itself back no longer. As such, the world has been plunged into an abyss of cyber-nuclear threats, and bullshit.

The Times wasn’t content with using other peoples’ reports based on circumstantial evidence so it went out and got one of its own. The study by Mandiant has come under some fairly withering criticism.

-It doesn’t appear to say anything new. CEO Kevin Mandia: "Mandiant’s not the first company to blame China for the hacks, but it was our turn to carry the ball for a little bit." Translation = “We were working for the NYT and that’s some golden PR.”

-Did I mention it was based on circumstantial evidence? Jeffrey Carr does a superb job of explaining why Mandiant saw exactly what it expected to find and then offers several other equally valid possible perpetrators, including Russia, France and Israel.

But this threat has not, as some have predicted, caused the end of the world. Instead, the fake apocalypse was just the prologue to another crappy chapter of human history. For man had succeded destroying the fourth estate for the betterment of the cyber-defense industry.

Here is my boilerplate response on the security weakness of U.S. utilities in regards to cyber attacks: "Yes, there is a problem. It is not a crisis. To do any significant damage any such attack would most likely have to be associated with a physical attack." (The sky is not falling, Chicken Little, but I bet I could make a whole lot of money convincing you otherwise.)

Cyberwar. Cyberwar never changes, because it has never existed.

Permalink | Comments | Email This Story

Another Notch In 'Cyber Threat' Rhetoric's Belt: Former UK Head Of Cyber Security Brings 'AIDS Epidemic' Into The Mix

Tim Cushing — Wed, 16 Jan 2013 14:19:09 PST

Well, we've seen the always-impending cyberdoom compared to all sorts of horrendous events by legislators and security agencies. The perpetually-just-over-the-horizon cyberattacks have been given catchy names like "cyber-Pearl Harbor" and "cyber-9/11" in an attempt to scare up some support for terrible legislation and expansions of power.

The UK's former head of cyber security has taken a slightly different tack, avoiding the terrorist imagery in favor of something even more dubious.

Major General Jonathan Shaw, a former head of cyber security at the Ministry of Defence, said people must be told to improve their computer security because the UK is "extremely vulnerable" to attack by criminals and terrorists.

He said there is a "special responsibility" on all citizens to improve their "cyber hygiene" as private computers are the easiest to attack.

Speaking on BBC Radio Four's Today programme, Major General Shaw said the Government must "launch a cyber hygiene campaign like they did with the AIDS epidemic in the 1980s".

He said individuals are "on the front line" and must be warned their computers are at risk, as the Government is "not in charge of cyber space".

He's got that last part right. The government isn't in charge of cyber space, no matter how much it wishes to be. But owners of "private computers" have had "cyber hygiene" information available for years. If the UK government wishes to start a campaign to inform the public of the dangers prevalent on the web, I have no problem with that. The campaign will be mostly redundant and will have little impact on the number of infected private computers, but that's the way these things go. Actively keeping a computer free of malware, spyware and viruses takes a little effort and knowledge (and sometimes, a little money), but for many people, that "little" extra is too much.

Furthermore, it's tough to see how private individuals are "on the front line" of this so-called "cyber war." If there are key areas of infrastructure (say, the ever-popular power grid) that seem vulnerable to attacks by criminals and terrorists, how does erecting a firewall on a home computer prevent that? If these agencies feel they are threatened by cyberattacks, they need to do more policing on their end and make sure that critical systems are inaccessible from "personal" computers -- like preventing "cross-contamination" by keeping possibly infected "personal" media (thumbdrives, etc.) from connecting with critical systems or issuing "locked-down" computers for telecommuters. There are many more effective actions that could be taken by the "threatened" entities, but trying to keep the public's private computers from being conscripted into the latest botnet isn't one of them.

Lastly, conflating malicious activities with a communicable disease, even indirectly, is hardly a good idea, especially when the disease chosen is one with a loaded political and sociological background. It trivializes the impact of AIDS and generally makes the public feel the severity of the threat is overstated. Even if the aim is admirable (get more computer users to protect themselves from attacks), Shaw's unfortunate wording undermines his message.

Permalink | Comments | Email This Story

Guess What? Most Cybercrime 'Losses' Are Massively Exaggerated As Well

Mike Masnick — Wed, 18 Apr 2012 10:25:00 PDT

We've talked about exaggerations in "losses" due to infringement for many years. However, we've also discussed how claims of "losses" due to so-called "cybercrime" are also massively inflated. It appears that others are figuring this out as well. The NY Times has an op-ed piece from two researchers, Dinei Florencio and Cormac Herley, highlighting how all the claims of massive damages from "cybercrime" appear to be exaggerated -- often by quite a bit:

One recent estimate placed annual direct consumer losses at $114 billion worldwide. It turns out, however, that such widely circulated cybercrime estimates are generated using absurdly bad statistical methods, making them wholly unreliable.

Most cybercrime estimates are based on surveys of consumers and companies. They borrow credibility from election polls, which we have learned to trust. However, when extrapolating from a surveyed group to the overall population, there is an enormous difference between preference questions (which are used in election polls) and numerical questions (as in cybercrime surveys).

For one thing, in numeric surveys, errors are almost always upward: since the amounts of estimated losses must be positive, there’s no limit on the upside, but zero is a hard limit on the downside. As a consequence, respondent errors — or outright lies — cannot be canceled out. Even worse, errors get amplified when researchers scale between the survey group and the overall population.

This is pretty common. In the first link above, we wrote about how a single $7,500 "loss" was extrapolated into $1.5 billion in losses. The simple fact is that, while such things can make some people lose some money, the size of the problem has been massively exaggerated. As these researchers note, this kind of thing happens all the time. They point to an FTC report, where two respondents alone provided answers that effectively would have added $37 billion in total "losses" to the estimate.

This doesn't mean that the problems should be ignored, just that we should have some facts and real evidence, rather than ridiculous estimates. If the problem isn't that big, the response should be proportional to that. Unfortunately, that rarely happens. In fact, combining this with the recent ridiculous stories about the need for "cybersecurity," perhaps we can start to estimate just how much of an exaggeration in FUD the prefix "cyber-" adds to things. I'm guessing it's at least an order of magnitude. Combine bad statistical methodology with the scary new interweb thing, and you've got the makings of an all-out moral panic.

Permalink | Comments | Email This Story

Viacom: Pass SOPA Or Spongebob Dies

Mike Masnick — Tue, 15 Nov 2011 09:42:43 PST

It's the most unintentionally hilarious video of the year... Viacom has put out one of the most ridiculous "anti-piracy" propaganda videos yet, complete with debunked stats, ridiculous claims, ominous music... and lots and lots of Viacom employees admitting that they're too clueless to adapt to a changing marketplace, and begging you to give them money so they can keep their jobs. Seriously. As the video goes on, the claims get more and more ridiculous, to the point where someone even threatens that if you don't keep buying Viacom products, Spongebob might no longer exist. And, really, that's the hilarious part. So much of the video is just people begging others to save them. They beg people to give them money. They beg the government to save their jobs. Nowhere, however, do they talk about actually adapting. Nowhere do they talk about making use of what the internet provides to build bigger audiences, to promote better, and to better monetize. Because that's the kind of stuff that Viacom just doesn't do. It just begs others to cover up for its own business failures.

Remember, this is the same company where the CEO made $84.5 million last year (a $50 million raise). I'd embed the video here, but remember that Viacom is trying to sue YouTube out of existence, so they didn't put it up on YouTube... in fact, they didn't put it up in a manner that lets you embed it anywhere. So you'll just have to go to Viacom's website and watch the video directly there yourself... costing Viacom's bandwidth. They could have gotten that bandwidth for free if they'd just posted the video to YouTube... but, as we're told in the video, "free" is "stealing." And it destroys jobs. Except for Viacom's CEO. He's doing okay.

Permalink | Comments | Email This Story

South Carolina Candidate For Governor Claims There Are Millions Of Internet Child Predators

Mike Masnick — Wed, 29 Apr 2009 07:20:00 PDT

Over the past few years, we've see quite the moral panic about the supposed threat of internet predators preying on children online. This isn't to say that it doesn't happen or that parents and children shouldn't be quite careful, but the press and politicians have clearly blown the threat way out of proportion. Study after study after study has shown that the threat is relatively small, and most kids are smart enough to be safe online and avoid anyone who seems sketchy. And, the reality is that preying on kids has actually decreased as the internet has grown more popular.

But, of course, that doesn't make for the type of headlines that politicians want. South Carolina's Attorney General has now announced his plans to run for governor of the state, in part on the claim that he's going to crack down on child predators online. Now, we're all for cracking down on online predators, but it's tough to take him seriously, when he claims that "there are millions out there." Millions? That seems a bit on the high side. On top of that, he claims that "Any child can become a victim" because "the predators are so skilled at what they do." Except, of course, that's not what the studies have shown at all. They've shown that most kids aren't interested in strangers online at all, and if you reasonably educate them (which you should) they're likely to be safe. But why bother with the actual evidence when you can grandstand as part of your bid to be governor?

Permalink | Comments | Email This Story

Chinese Movie Site Sues Hollywood Group For Overstating Settlement Terms

Mike Masnick — Fri, 28 Mar 2008 13:51:00 PDT

The motion picture industry has a habit of overstating its victories against copyright infringement. It appears that one Chinese firm is so upset about this that it's going back to court. The MPA (the international version of the MPAA) had sued the Chinese site Jeboo for distributing Hollywood movies online last year. Earlier this year, the studios and Jeboo reached a settlement, at which point the MPA announced triumphantly that Jeboo had stopped "infringing activities," had apologized and paid a substantial sum. Jeboo, however, said that the terms of the deal were confidential and as a part of the deal, the company absolutely did not admit to any illegal activity. To Jeboo, the MPA's announcement suggests otherwise, and therefore Jeboo is now back in court suing the MPA for its portrayal of the settlement. The MPA folks must be stunned. They've all gotten away with exaggerating for so long the idea that someone would call them on it (in court, no less) must be a surprise.

Permalink | Comments | Email This Story

Would You Believe That Microsoft Has Been Caught Exaggerating Concerning Copyright?

Mike Masnick — Tue, 5 Feb 2008 15:51:38 PST

Microsoft has a decently long history of exaggerating the impacts of copyright infringement on its business, even as there's a fair bit of evidence that the company has benefited greatly from lax enforcement of copyright. However, now the company has taken to exaggerating what copyright law actually says up in Canada. Michael Geist does a nice job picking apart a recent Microsoft-penned editorial claiming that copyright law in Canada just isn't strong enough. Even better, he does so using examples of Microsoft's own actions to prove the company wrong. For example, the editorial claimed that current Canadian copyright law didn't protect a content creator from someone using their content for commercial purposes. Yet, as Geist points out, Microsoft itself won just such a lawsuit a year ago, trumpeting the results in a press release. Perhaps Microsoft saw how the movie industry was able to lie about existing copyright law in Canada -- which convinced politicians to pass unnecessary new legislation -- and figured that Canadian politicians seem mighty gullible on the subject.

Permalink | Comments | Email This Story