My first earthquake!

Wheeeeee! It was actually kindda fun. The strange thing is that I'll never really think of the ground as "solid" again. I was at the world's greatest sushi bar. My dinner companion ran outside and I ate his Kampachi. No damage at home although one of my more precarious stacks of books, routers and amazon boxen might have toppled over at the home office. It's hard to be certain.
October 31, 2007 | Permalink | Comments (1) | TrackBack
I mumble about Real ID
Jon Udell has posted a podcast interview with me about Real ID. We've both written briefly about it recently. I just listened to the podcast again and must say that Jon is really good at asking the right questions. His questions in the interview are a lot better than my answers.
Plus I don't really sound like that in real life. How do radio people ever get used to hearing their own voice?
April 2, 2007 | Permalink | Comments (2)
Thinking about Real ID
DHS has published the proposed details of the Real ID act and criticism is starting to pour on in from all sides. The Real ID act is supposed to standardize the driver's licenses issued by the states. Supporters say that this is necessary to improve security. Critics usually focus on the weakening of privacy protections. The arguments and counter-arguments usually don't bother to address each other and, lofted on volume not substance, quickly grow heated and dim.
There's a way to have a meaningful debate on this. Any new security proposal must be compared to the status quo on four dimensions: Security, Privacy, Convenience and Cost. If the new proposal is clearly better at all four, then it's a no brainer. If the new program is worse on all four, then, well, it has no brains. What if the new program is better on some dimensions but not on others? Should we weigh the relative merits and compromise? Yes, eventually, but not right away! Since the new proposal enjoys the airy freedom of not actually existing yet, we should go back and rework the proposal until it is overwhelmingly better than the status quo.
What is the status quo that Real ID is aiming to replace? Basically, each state has their own standards for driver's licenses which differ on many of the important details. The status quo sucks in terms of security and privacy and is lackluster in convenience and cost. Is Real ID overwhelmingly better? Not yet, but it can be made so.
Let's.
March 5, 2007 | Permalink | Comments (6) | TrackBack
Best. Organization. Ever.
I've said it before, and I'll say it for the next 10,000 years: The Long Now Foundation is the most awesomely cool thing ever conceived.
When I grow up, I want to work there.
February 25, 2007 | Permalink | Comments (0) | TrackBack
What I don't know about privacy
A post on Steve Hunt's blog has me thinking about privacy again.
A couple of years ago, I was speaking on an international identity and security panel in Rome. At the end of my remarks, a French journalist asked me a long question that seemed to have something to do with privacy but a lot more to do with trying to bait me to agree or disagree with his stated distaste for some aspect of Bush's foreign policy. I say "seemed to" because neither my French nor his English were up to the task at hand. Unfortunately, this kind of game has become routine for traveling Americans and I almost always choose not to play. So instead of answering directly or, the horror, asking him to clarify his question, I decided to use up my time with an impromptu digression on the nature of privacy. I wasn't sure what I was going to say and, when it was said, I wasn't sure if I actually agreed with it. I'm still not sure. It sounded good at the time though and sent the audience a-nodding. Here's more or less what I said, [with my simultaneous inner monologue in brackets].
---
When our founding fathers wrote the Declaration of Independence [good, always start with the Founding Fathers when talking to a French reporter], they put in a curious sentence, "We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights," [Uh oh, is that in the Declaration or the Preamble to the Constitution? Crap! Ok, just act confident and the audience won't know.] "...that among these are Life, Liberty and the pursuit of Happiness."
Now there's an interesting thing here: the three rights specified are mentioned in order of decreasing specificity and ease of measurement. The first one, Life, is pretty easy to measure; most people will agree on whether someone is alive or dead. Well, not right now in Washington, but most of the time. [Polite laughter, good, they've heard about the Schiavo thing over here.] The second one, Liberty, is a bit harder to define but still pretty good. You can usually get a pretty good consensus on whether someone is free or a slave.
Now the third one is tough. Happiness? How can you really define it? Or measure it? It seems like a really personal quality that's really hard to pin down. Some people don't even seem to want to be happy. I mean I've seen French movies. [Better laugh line, but have I actually ever seen a French movie? I must have.] Aren't standards of happiness based heavily on the ideas of the time? Plus what if my happiness makes you unhappy? Or vice versa? Don't the Germans even have a word for this? Schadenschnitzel or something? [Big laugh, Europeans love the 'dumb American tries to say something important but gets comically confused with a food item' bit. JFK knew this as well.]
That's why the Declaration doesn't give you a right to happiness, only to the pursuit of happiness. We can't guarantee you happiness, but we can make sure that you can do whatever you think may make you happy - as long as you don't get in the way of the other two rights for others. And this is the real genius of the document: you have a right to pursue. You may never get there, or I may beat you to it, but you can pursue happiness if you want and we won't stand in your way.
[Now here's the part that I'm really not sure about, but it's such a smooth transition.]
So what about Privacy? Is it like Life? Is it like Liberty? [Yes, come to think of it, it probably is like liberty, should have thought this through better before starting.] Or is it more like Happiness? I think privacy is a personal thing. Some people want to be very private, other people post pictures of their vasectomy on their blog. Don't google for this! [Really, don't.] Some people want to hide every step they make on the web, others don't care at all. And is there a corresponding right to know? If I really want to know how much my customers earn, is it really wrong for me to try to find out? What if I want to find out who's giving money to a politician? Does your right to privacy trump my right to happiness?
I think maybe privacy is like happiness, and the "right to privacy" should really be "the right to the pursuit of privacy". If you want to keep certain information private, you should have access to all the tools you need to make that happen. If you choose not to use those tools, either because you don't care or because you agree to some kind of business or social proposition in return, then I have the right to get whatever information about you that I want. And the default setting on your web browser shouldn't be "private" any more than the default setting on your life should be "happy". If you want privacy or happiness, you have the absolute right to work at it, but it's not our responsibility as representatives of government or industry to hand you either one. [Big applause line from the audience, but it's a very business- and government- centric crowd.] Companies should be free to track their customers' actions and people should be free to hide whichever of those actions they want. Each person gets to choose where they want to stand in that marketplace.
---
This got a very good reaction at the conference, but the "privacy" guys were pretty severely outnumbered so it wasn't a balanced field. I'm still not sure how I feel about this analogy. The biggest danger seems to be the potential arms-race between privacy-seeking individuals and information-seeking businesses or governments. For instance, is it OK for Google's default search behavior to be set to log your search history? (Nelson Minar and my brother had an interesting discussion about this a couple of weeks ago.) If so, would it be OK for Google to change the opt-out settings randomly every few months to force people to "really" care about their privacy? Would it be OK for Google to just lie to you and keep records even if you've opted out, claiming that you should be using some third-party anonymizer if you really cared? (I think the answers are "yes", "no" and "no", but where do you draw the line?) Also, are the implications significantly different for government/citizen interactions?
I'm not sure about any of this. I told myself that I'd sort it out before posting, but my little talk was almost two years ago and I still haven't decided. Is "privacy" like "happiness"? Maybe it's not a very useful question. What do you think?
Oh, the picture at the top of this post is a still from "Fireworks", the School House Rock episode on the Declaration of Independence. It's how they chose to illustrate "pursuit of happiness". Note that this kind of pursuit, deemed appropriate educational programming for children in the 1970s, would now land you in jail.
February 23, 2007 | Permalink | Comments (1) | TrackBack
I'm not good with slogans
Now that my former governor, Mitt Romney, has officially entered the 2008 presidential race, I'd like to propose the following campaign slogan:

You may groan at will. I'm not yet sure whether this is a pro- or anti- Romney slogan as I don't plan on paying any attention to the race for another sixteen months or so.
February 15, 2007 | Permalink | Comments (0) | TrackBack
A Realistic Plan For Saving Air Travel
There's recently been a lot of hand-wringing that the air travel experience is on an irreversible spiral to unbearable levels of craptitude. Fear not! By thinking outside the box I have come up with a way to change the paradigm and simultaneously exploit win-win synergies between security and economic stakeholders. Here's how the brave new world of air travel is going to work:
1. RFID chips will be in everything - all your clothes, toiletries, electronics, underwear, etc.
2. When you show up at the airport, you'll walk through a scanner which will instantly compile a full catalog of everything you're wearing and carrying using the above mentioned RFID chips. This information will be stored in XML!
3. You'll take off your clothes and put on a stylish paper gown. All of your clothes and other possessions will be placed into a box and incinerated.
4. You'll board the plane in your gown. Since everyone on board will be similarly attired, you'll enjoy a relaxed, spa-like atmosphere. Business class seats will offer a complimentary electro-pneumatic massage ($12 in coach).
5. As you fly, the information about your possessions will be electronically sent (via XML!) to a new joint venture between Air Mall and Amazon.com. Assuming all your brand licenses are up to date, an exact duplicate of all your clothes and possessions will be just-in-timed to your final destination.
6. Once you arrive and clear security a second time, you'll be given new copies of all your stuff. An efficient waiting area will be provided for people whose new clothes haven't arrived yet.
Think about it: total security and a big boost to our RFID, XML, PPRM (Physical Possessions Rights Management) and logistics industries! Low cost off-shore manufacturing gets a hand as well and who cares about quality when that Hugo Boss suit only has to survive until your next flight?
As an alternative to incineration, I suppose that your items could be cataloged, sanitized and given out to people traveling in the opposite direction, but that sounds like defeatist tree-huggery to me. The other alternative, low cost air-taxi service using a new generation of affordable light planes that are convenient, efficient and too small to be interesting terrorist targets, is just rampant crazytalk.
XML!
August 11, 2006 | Permalink | Comments (5) | TrackBack
Sweetness Follows
Lamentably, Katyusha rockets are in the news again. Want to know what the name means? It's Russian.
In Russian, most nouns, and all proper nouns, have multiple diminutive forms. For example, if stol is the word for table, stolik means "cute, little table". Sometimes the diminutive form is the only surviving form of a word. For example, the word for a portable folding bed, raskladushka, literally means, "cute little thing that unfolds".
Names receive this treatment very commonly as well. In English, the diminutive form of "Catherine" is "Cathy". The same name in Russian is "Yekaterina" or, more familiarly "Katya". If your Katya is a particularly sweet little girl, you might call her "Katyusha". That's the literal name of the WW2-era rocket at the center of the current unpleasantness.
It's unlikely that the current weapons were actually made in Russia. "Katyusha" has come to mean any low-tech, unguided rocket fired out of a tube mounted on some kind of portable cart or vehicle. It's sort of like a Scud, except smaller.
There is another level of diminution possible with Russian names. If your Katyusha is really, really adorable - perhaps she's a small puppy - you might call her "Katyushenka". As far as I know, there is not yet a weapon with that name.
When I was a kid growing up in the Soviet Union, we were taught a famous song about the Katyusha rocket. Today, I can't get it out of my head.
July 24, 2006 | Permalink | Comments (2) | TrackBack
Big Dig Accident
Last night, a big slab of ceiling fell inside the Boston "Big Dig" tunnel and killed a woman driving through. This follows a string of fraud charges and controversy about the $14.6 billion project.
Matthew J. Amorello, the chairman of the controlling authority, is quoted in today's Boston Globe:
“We are going to do everything we can to assure these are safe tunnels,” said Amorello, flanked by police and state and local transportation officials. “These are safe tunnels. This was a horrible, horrible event. It is an anomaly, and we will get to the bottom of what happened.”
This statement has two possible meanings, depending on the definition of the word "assure".
1) "We are going to do everything possible to make these tunnels safe. These tunnels are safe."
or
2) "We are going to do everything possible to convince people that these tunnels are safe. Let's start: these tunnels are safe."
Note that the first meaning doesn't really hold water. Kind of like the Big Dig.
July 11, 2006 | Permalink | Comments (0) | TrackBack
Vienna
I had a hankering to start up the blog again. Who knows how long it'll last but here goes.
I'm in Vienna for a couple of days. They're really into some guy (? - hard to tell for sure from the portraits) named Mozart here. You literally can't walk a block without running into something Mozart related. It's like with Starbucks in the US, except they have just as many Starbucks (Starboxen?) here as we do at home, so there's really not much room for anything else. The "anything else" is quite beautiful though. Walking around old European capitals always reminds me that the most historically-significant building in my neighborhood is the art deco Sears-Roebuck store from the 1930s. Apparently it's the 250th anniversary of Mozart founding the city or something, so they're really going all out. Mozart must be some sort of mythical city-creating hero in Vienna, like Paul Bunyan in Brainerd or Benjamin Franklin in Philadelphia.
I'm here to moderate a panel at the Global Security Forum. It's been a worthwhile experience. One of my panelists, Aldo Agostini from Venice, made a fascinating point about the different meanings of "privacy" between the U.S. and Europe. According to Mr. Agostini, the American concept of privacy is rooted in the goal of "freedom", while the European definition centers around "dignity". I'm not entirely sure what "dignity" is, but the Europeans seem quite attached to it. It might somehow be related to the Japanese word, "shame", but that's a concept as strange to Americans as anthropomorphic panda bears riding in giant-panda-shaped fighting robots. Except less cool, like Brainerd.
Anyway, I'll take freedom over dignity any day. I'd take happiness over dignity. I've even been known to take a nice big steak over dignity.
Speaking of which, I've yet to eat any of the famous Viennese meat products so when the conference was over I headed back to the Radisson with the plan of changing clothes and then hitting a restaurant. Once in my room I flipped open the hotel-provided Vienna guide book and read the very first sentence in the "sightseeing" section:
"Even though we are facing an economic slump, terror threats and cost reduction measures: Vienna is still one of the most popular places for outings and holidays."
Way to go for the hard sell! Now I see why our idea of marketing isn't centered around "dignity", either.
Under the guidebook was a brochure for the fancy hotel restaurant. The pictures looked appetizing until I saw this one in the corner:
Ok, seriously, I'm thinking of calling the cops.
Back to the guidebook, randomly flipped open to page 41:
"Would you like to discover Vienna in a special way? Would you like to discover Vienna in a very-special way?"
No. I'm going to bed hungry.
[Update: Two people have already accused me of "name dropping" Brainerd. Yes, I've been there. Any place that has Jello in the all-you-can-eat salad bar is OK in my book.]
July 7, 2006 | Permalink | Comments (3) | TrackBack
Split the difference
I have a suggestion for how Google can atone for their free speech sin of agreeing to censor results in their Chinese version to comply with Chinese government web rules. Since they'll have to implement algorithms to automatically determine which results to omit in the Chinese version, they can also make a version of the search engine that displays ONLY the stuff censored in China. Of course this version will only be accessible outside of the PRC but, meh, it's a start.
Note to my Chinese business associates: Joke!
January 25, 2006 | Permalink | Comments (2)
Grisly advertising
I was all in favor of the media's right to photograph and publish pictures of dead bodies in the wake of Hurricane Katrina, but then I found a page at the LA Times website that has some pretty bad ad targeting. The page had a photo of a corpse floating next to a house, and the animated ad right underneath showed a close-up of a Cheerio floating in milk with the caption, "Think of it as your life preserver." Before I could fully process what was happening, I clicked reload and got the same photo with an ad for "Corpse Bride: Rising to the Occasion".
Ok, that's just wrong.
I reloaded a few more times, took some screenshots and posted them here. The original LA Times page is here, but it may be down by the time you get to it.
I still believe in the media's right (perhaps even obligation) to publish these kinds of photos, but they need to take serious responsibility for how such content is going to be presented. A few companies ago, I worked as an engineer on the first-ever online ad system, and we spent quite a long time thinking about how to prevent exactly this kind of offensive targeting. There are many approaches, but the best one by far is the one we recommended to our first online newspaper client in 1996: when you publish particularly disturbing stories or photographs, turn off all advertising on those pages. The people in the photos, your readers and your advertisers deserve better.
September 18, 2005 | Permalink | Comments (1)
Understanding vs. grokking
Every time I've ever been to New Orleans (which is my favorite U.S. city to go to for conventions), some local or tour guide or waiter would say, "You know, New Orleans is completely below sea level. One day the levee is gonna break, the pumps will get flooded and we'll just become another lake with nowhere for the water to go." It's remarkable how something could be so completely expected and yet still so shocking when it finally happens.
August 31, 2005 | Permalink | Comments (2)
Important reminder
September 19th is International Talk Like a Pirate Day. That is all.
August 30, 2005 | Permalink | Comments (0)
I've been podcasted
I've never listened to a podcast before; I'm too old, and back in my day we just called them mp3 files. Until today!
InfoWorld's Jon Udell has just podcast (is this the right tense?) an interview with me talking about the convergence of physical and IT security. Forty minutes of hard-rockin' talk on FIPS-201 standards is exactly what all the cool kids will be jamming to while waiting for the, um, ski lift.
Sorry, the air conditioning in our building is down today. I'm going to have words with my landlord about the convergence of sweaty programmers and the withholding of the rent.
July 20, 2005 | Permalink | Comments (0)
Metal detectors at subway stations are probably a bad idea
I just saw a CNN poll which shows that 60-something percent of Americans are in favor of installing metal detectors at subway stations. This is probably a bad idea for at least three reasons:
1. Metal detectors do not pick up explosives and would not prevent bomb attacks such as those that took place in London this morning or in Madrid last year. You need explosives detectors for that. Trained dogs can do a decent job at this, but electronic explosive detectors are currently far too expensive to install at most subway entrances.
2. Metal detectors would cause bottlenecks of people lined up to go through them. Such predictable concentrations of crowds in environments poorly designed to accommodate them are attractive terrorist targets in their own right.
3. Setting up visible but mostly ineffectual security devices such as metal detectors may both desensitize and frustrate regular commuters. This could reduce situational awareness and make people less likely to cooperate with other, more meaningful, security measures in the future.
We should remember that metal detectors were originally installed at airports to prevent hijackings, not bombings. There is relatively little danger of someone hijacking a train.
I'm hoping that we'll see a dramatic reduction in both the cost and operating time of electronic explosives detectors over the next few years. That's a technology that could actually make a difference. For now, investment in terrorist response capabilities is just as important as investment in terrorist prevention capabilities. In the case of mass transit, perhaps even more important.
July 8, 2005 | Permalink | Comments (2)
Belated update
I think I've figured out the "DHS smartcards using Bluetooth" flap. Near as I can tell, there was never any plan to make Bluetooth-enabled cards (which doesn't make any technical sense anyway) or Bluetooth-enabled badge holders (which would be just strange). There was speculation at a public forum about making Bluetooth-connected card readers so that you could read DHS smartcards with, say, a Blackberry. This is actually not a bad idea. I think you could overcome the security issues in this use case because Bluetooth would basically be an unsecured conduit between two secure participants (much like the Internet is with SSL). Either way, I don't think it ever got much past the "wouldn't it be neat if we could..." public-musing phase.
Bottom line: Bluetooth panic around DHS cards is uninformed and unjustified.
July 6, 2005 | Permalink | Comments (7)
EPIC responds
Bruce Schneier, writing on behalf of the Electronic Privacy Information Center, has put out a well-written refutation of my recent criticisms of EPIC's report on the DHS smart card program. (Links to EPIC's report, my original blog entry, the much-shortened C|net article and EPIC's response).
I'll post a more thorough response when I have a bit of time, but here's where I'm leaning:
1. I'll mostly concede the "ISO/14443 is RFID" point. ISO/14443 clearly is "RFID" in the broad sense of the word, but much scare-hay has been made by applying non-ISO/14443 aspects of RFID to discussions about smart cards. There's more to talk about here, but I was wrong and apologize for it. The word "RFID" has taken on many meanings and I should have been more precise. As I said in the original article, the only real answer is to move to strong, active cryptography on RFID cards which (among other benefits) would make it virtually impossible for an unauthorized third party to snoop a conversation.
2. I'm glad that EPIC admits their mistake on calling the DAC cards "Bluetooth". However, I'm very puzzled by this "Bluetooth-enabled card holder" business. If, as Bruce suggests, it's a way to rebroadcast card data over Bluetooth... that's just strange. Not necessarily bad, but strange. Ok, probably bad. Maybe he means Bluetooth card readers. That would make a bit more sense. I've never heard any talk at DHS about these things, so I'm going to do a bit more research before commenting further. Still, the cards themselves have nothing to do with Bluetooth and the card program should not be unjustly criticized because some hypothetical peripherals that use the card might be poorly thought out. There will eventually be thousands of hardware and software products that work with government smart cards. Some of them are bound to be dumb. I could make a machine that sucks in your dollar bill and then punches you in the stomach, but my talking about such a machine should not subject the entire system of U.S. Currency to ridicule. Come to think of it, the Vend-o-Punch™ might not be such a bad idea.
3. I do not agree at all with EPIC's response on the biometrics points. There's still a lot of confusion over the issues. More on this later.
4. We've met about half-way on the PIN discussion. A global and mandatory-override short (4 or 6 number) PIN is probably a bad idea, although not for the reasons stated in the original report. I think the DAC use of PINs is mostly fine.
5. The disclaimer about my indirect involvement with DHS appears on my blog but not on the C|net article because the editors at C|Net asked me to cut the originally submitted 1,700 words down to 700. The blog is linked to from the article.
As an aside, Bruce Schneier is a demigod of sorts in the security industry. His Crypto-Gram newsletter has been worth reading for a long time now. I'm glad to see him engaged in this discussion.
May 30, 2005 | Permalink | Comments (4)
You gotta start small
Breaking news from the Associated Press. Probably fixed by the time you get there.
May 27, 2005 | Permalink | Comments (2)
I don't write my own headlines on News.com
A few weeks back, C|Net's News.com asked me to shorten my previous post about the faulty EPIC report for publication on their site. I pretty much rewrote it from scratch to condense the same points into 700 words. They published it yesterday in the "Perspectives" section. There are already some great, substantive comments at the bottom of the story. My flippant answers are forthcoming in place.
The photo at the head of the story is kind of creeping me out. I must have been thinking of pie when it was taken.
May 18, 2005 | Permalink | Comments (2)
New York Times gets it at least two-thirds wrong
Yesterday, the New York Times online featured a brief video clip called Business Travel Minute: More Checkpoint Follies. (Video links on nytimes.com are kind of screwy and the whole thing will probably disappear in a few days, but as of this writing, you could still watch the video at the link above.) The piece is in the currently popular "airport security is absurd" genre and features three examples of alleged TSA bone-headedness. Smug tittering aside, at least two of the ridiculed examples are perfectly understandable.
The first case is a toss-up:
An on-duty FBI agent was cleared to board a plane with a loaded gun, but her nail file was confiscated.
Ok, the end-result here is absurd, but I do not find serious fault with the process. How much leeway should gate inspectors be given to interpret the rule, "do not allow sharp metal things on board"? Perhaps the law can be changed to give authorized airplane gun-carriers the additional authorization to carry knives (or be immune from the screening process in general), but unless that happens TSA inspectors should not be blamed for enforcing the rules.
Examples two and three are completely appropriate airport security behavior (at least as briefly stated by the NYT, there may have been other circumstances).
A woman holding an infant was ordered to remove her shirt. When she refused, she was led away for a private inspection - and yes - the infant also got the full pat down.
Ho ho ho. Wait, patting down an infant makes sense because, um, you can hide things on an infant.
An investment executive who's a retired navy man got so fed up with being treated like a suspect that he showed up at the airport in a tank top with all his military medals pinned on it. Yes he had to remove the medals.
What were they supposed to say? "Go right ahead and set off the metal detector sir. We trust that you don't have anything else in your pockets." Come to think of it, a case could be made that any upset man who shows up at an airport wearing a tank top pinned through with dozens of medals (for proud service to the USA and/or eBay) should probably not be allowed to board at all.
There's no shortage of legitimate ridicule of US airport security (see my own attempts here, here and here), but this snickering from the New York Times is just dumb.
(Thanks to Dave Engberg for the link.)
May 4, 2005 | Permalink | Comments (14) | TrackBack
Security makes me hungry
From the Associated Press: School Mistakes Huge Burrito for a Weapon
The drama ended two hours later when the suspicious item was identified as a 30-inch burrito filled with steak, guacamole, lettuce, salsa and jalapenos and wrapped inside tin foil and a white T-shirt.
April 29, 2005 | Permalink | Comments (6)
You keep using that word...
I've received much good feedback on my last post about the pudding-headed report criticising the new DHS smartcard program. Many people are justifiably mystified by the report's references to Bluetooth. The strange thing isn't that the new smartcard doesn't use Bluetooth, but that smart cards and Bluetooth have absolutely nothing to do with each other. It's like asking, "Doesn't the new Honda Accord suffer from all the well documented problems of Esperanto?" The short answer is "no", the real answer is, "what the hell are you talking about?"
The problem, of course, is buzzword creep. With all the industry terminology floating around these days, it's hard for people to remember whether combining two particular concepts produces an argument that's coherent (like biometrics and privacy) or less so (like pancakes and the doctrine of original intent). That modesty does not typically hinder such people from writing technology assessments or legal opinions is beyond the scope of this blog post.
Bluetooth, a fine technology with many years of buzzwordiness behind it, is particularly susceptible to such content-free punditry. In service to all the technology companies who make perfectly good products that have nothing to do with Bluetooth, but feel market pressure to be 100% buzzword compliant, I offer the following decal:

You wouldn't put it on a cell phone (whether it had Bluetooth or not), but you could stick it onto a toaster, tax software, or a government smart card. I'd start sticking it on our software boxes, but I bet our attorneys wouldn't be too happy.
April 13, 2005 | Permalink | Comments (1)
EPIC report is not so good
A couple of days ago, the Electronic Privacy Information Center (EPIC) issued a scathing analysis of the Department of Homeland Security's upcoming smart card program. Our country (indeed, much of the world) is currently struggling with the concepts of secure identity documents, and watchdog organizations such as the EFF, the ACLU and EPIC play a vital role shaping the debate. I am completely in favor of holding every government security program to unyielding standards of efficiency, effectiveness and privacy (see here and here, especially in the comments). Unfortunately, this particular report is muddled in many places and simply wrong in others.
Full disclosure: although I am not directly involved in the DHS card program, DHS is a customer of ours and we are working on several products that will make use of the card. In other words, I may be biased but I kind of know what I'm talking about.
Even the first sentence of the report is inauspicious for a security document:
President Bush's proposed $2.57 trillion federal budget for Fiscal Year 2006 greatly increases the amount of money spent on surveillance technology and programs while cutting about 150 programs—most of them from the Department of Education.
Why is the source of the funding relevant to the security analysis of the program? Would the technology be better if it were funded by, say, increased taxes on oil company profits?
EPIC quickly launched into the heart of their grievances:
The Department of Homeland Security Access Card (DAC) has vulnerabilities associated with its use of radio frequency identification (RFID) and Bluetooth technologies, biometric identifiers and PIN backup system. But there are also risks that come from the DAC's "mission creep"; the Department also wants the card to be used as a payment device for everyday items.
This is a good executive summary - five specific identified problems. Unfortunately the analysis of each one is pretty weak. I'm going to leave the "mission creep" stuff aside because there are legitimate policy and design questions there that have nothing to do with technology. The other four claims are fair game. Let's look at them in order:
"RFID"
Here's an easy defense against the RFID claim: The DAC does not use RFID. The DAC uses a standard called ISO/14443 for contactless (wireless) communication between the card and a reader. RFID is designed for tracking physical items. It has a long read range (about four feet) and is not encrypted. ISO/14443 is designed to identify people. It has a much shorter read range (about 5 inches) and weak encryption. The two standards are very different but they're frequently confused even by allegedly authoritative speakers. I don't get too worked up about this mistake because even though it's much harder to snoop ISO/14443 than RFID, the vulnerabilities are of the same type. Still, it doesn't help EPIC's credibility to conflate the two standards, especially since exactly this mistake was the center of much teeth-gnashing last month. The real answer is to eventually move to contactless cards with strong cryptography. Such cards are currently available but are not yet in common use.
Bluetooth??
The vulnerabilities of Bluetooth technology have also been well documented. Bluetooth technology enables wireless communication among electronic devices in close proximity. For example, a Bluetooth-enabled computer could work with a wireless keyboard or mouse. In August, security flaws in Bluetooth-enabled mobile phones allowed criminals to access the information in the phones including contact information and text messages.
This would be damning stuff, if it wasn't crazytalk. The DHS card has nothing to do with Bluetooth. Unlike the "RFID" claim in the paragraph above, there isn't even anything close to Bluetooth that the DAC uses. Nothing. No Bluetooth. Nuh-uh. Bluetooth has nothing to do with identity cards. I don't even think you could put Bluetooth onto a card if you tried; I believe (though I could be wrong) that Bluetooth requires an active power source and contactless cards are all passive. I have no idea what EPIC is talking about, other than maybe DHS said that they would test Bluetooth as a way to hook up computers to phones or something. Also, all the "Bluetooth flaws" that are so breathlessly reported in the EPIC report aren't really flaws with Bluetooth at all, but with specific phones and devices that happen to use Bluetooth. This is an important distinction but I don't want to dwell on it here because THE DHS CARDS DO NOT USE BLUETOOTH.
Biometrics
The DAC identifies the cardholder and her level of access through the use of a biometric identifier—a fingerprint. A recent report by National Institute of Standards and Technology (NIST) showed that one-fingerprint identification systems had an accuracy rate of 98.6 percent, while the accuracy rate rose to 99.6 when two fingerprints were used and 99.9 when four, eight and ten fingerprints were used.
This makes it sound like unauthorized individuals will be getting in all the time while legitimate users will often be locked out of their doors and computers! Fortunately, it doesn't work like that. The accuracy of most biometrics systems can be tuned by balancing two competing types of errors: false positives and false negatives. A false positive error occurs when a bad guy's fingerprint gets mistakenly matched for a good guy's fingerprint. A false negative error occurs when a good guy's fingerprint doesn't get recognized at all. Since fingerprint scanning produces slightly different results each time, the system must be configured with a certain tolerance level. If the tolerance level is very loose, you can virtually eliminate false negatives at the cost of greatly increasing false positives. The system basically says, "Meh, it looks kindda like a fingerprint - go on in." If the tolerance level is very strict, you get the opposite effect: "Your fingerprint is off by 0.00001 millimeters - no access for you!"
The accuracy rate is also heavily influenced by how many possible fingerprint matches the system has to consider. If the system has to match your scan against a large database of enrolled fingerprints (called a "one-to-many" match), it's far more likely to come up with a false positive ("hmmm, it kindda looks like user #7654231") and somewhat more likely to come up with a false negative ("it could be this guy or that guy, I better just punt"). The DHS card avoids this problem by matching your fingerprint against only one possible user - the user stored in the card - so the chances of a false positive are very low because someone trying to trick the system can't just match *anyone's* fingerprint, they have to match *your* fingerprint. Also, the match tolerance can be set very high thereby further reducing the chances of a false positive but increasing the chances of a false negative.
So you can virtually eliminate the false positives (and therefore security risks associated with biometric access), but doesn't the relatively high false negative rate still mean that legitimate users will be locked out? Not really. If you get a false negative, you just have to scan your finger a second time. Let's say it takes you 2 seconds to scan your finger and the false negative error rate is 5%. Most of the time (95%) you'll get access in two seconds. Most of the rest of the time (4.75%) you'll get in with two swipes and four seconds. Every 400 tries or so, you'll have to wait six seconds. If you stay at your job for 20 years, you might have a chance of waiting eight seconds for access once. I use a biometric reader to log onto my laptop and (once I figured out how to hold my finger) it takes me about two seconds to get a good match.
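The three paragraphs above (tolerance tuning, one-to-one versus one-to-many matching, and retries) worked through as an added Python example that is not part of the original post. The Gaussian score model, its means and spreads, and all function names are assumptions constructed for illustration; only the 5% false negative rate and the 2-second scan come from the text.

```python
import math

# Constructed score model (an assumption for illustration): the matcher returns
# a similarity score in [0, 1]; genuine and impostor comparisons are Gaussian.
GENUINE = (0.80, 0.08)    # (mean, standard deviation) when the finger is yours
IMPOSTOR = (0.35, 0.10)   # (mean, standard deviation) when it is someone else's


def normal_cdf(x, mean, sd):
    return 0.5 * (1.0 + math.erf((x - mean) / (sd * math.sqrt(2.0))))


def error_rates(threshold):
    """(false positive rate, false negative rate) for one 1:1 comparison.

    A higher threshold is a stricter tolerance: fewer impostors accepted,
    more legitimate scans rejected.
    """
    false_positive = 1.0 - normal_cdf(threshold, *IMPOSTOR)
    false_negative = normal_cdf(threshold, *GENUINE)
    return false_positive, false_negative


def one_to_many_false_positive(false_positive, enrolled):
    """Chance an unenrolled finger matches at least one of `enrolled` templates."""
    return 1.0 - (1.0 - false_positive) ** enrolled


def attempts_distribution(false_negative, max_attempts):
    """P(a legitimate user gets in on exactly attempt k) for k = 1..max_attempts."""
    return [false_negative ** (k - 1) * (1.0 - false_negative)
            for k in range(1, max_attempts + 1)]


def impostor_success_with_retries(false_positive, attempts):
    """Retries help an impostor as well: chance of at least one false positive."""
    return 1.0 - (1.0 - false_positive) ** attempts


if __name__ == "__main__":
    for threshold in (0.50, 0.60, 0.70):
        fp, fn = error_rates(threshold)
        print(f"threshold {threshold:.2f}: false positive {fp:.2e}, false negative {fn:.2e}")
    fp, _ = error_rates(0.70)
    for enrolled in (1, 10_000, 1_000_000):
        print(f"{enrolled:>9} enrolled: {one_to_many_false_positive(fp, enrolled):.4f}")
    # The post's numbers: 5% false negatives, 2 seconds per scan.
    for k, p in enumerate(attempts_distribution(0.05, 4), start=1):
        print(f"in after {2 * k} s: {p:.5%}")
    print(f"impostor, 3 tries at threshold 0.70: {impostor_success_with_retries(fp, 3):.2e}")
```

The last function is the caveat to the retry argument: every extra scan a reader allows also multiplies an impostor's chance, so the retry count belongs in the same tuning decision as the threshold.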
EPIC then proceeds to quote, out of context, one of their own (earlier, better) reports:
Once a biometric identifier has been compromised, there can be severe consequences for the individual whose identity has been affected. It is possible to replace a credit card or Social Security numbers, but how does one replace a fingerprint, voiceprint, or retina scan?
Err. That's exactly why you need to link the biometric identifier to a card - just like DHS is doing. You can't revoke a fingerprint, but you can revoke a card. The fingerprint itself doesn't do you any good and, if you lose your card, you can always re-scan your finger and associate it with the replacement card. The criticism quoted above is perfectly legitimate when levied against ill-conceived attempts to use biometrics as identifiers by themselves, but is ironically inappropriate in discussing the DHS program.
PIN
The Department has a backup system built into the card—if the fingerprint identification fails, then the employee can gain access by using a 6- to 8- digit PIN. By allowing alternate access through the PIN, Homeland Security creates all of the vulnerabilities associated with allowing complete access to secure areas and information through one password.
The PIN is not inherently a way to bypass the biometrics, it's just another factor of authentication. The DHS card provides applications with three factors to choose from: physical possession of the card (which is always required), fingerprint biometrics and a PIN. Each door lock or computer program that uses the card can decide to use one, two or all three of these factors depending on the level of authentication security required. For example, getting into the front door of a busy, low-security area may require only the physical possession of the card. Logging into a computer may require the card and either the biometric or the PIN. Accessing a very high-security file may require all three. Giving application designers more options does not reduce security. Of course, some designers may make dumb choices about authentication, but that's not the fault of the card program. Also, keep in mind that the lambasted "card and second factor" system is much better in almost every security and convenience regard than the "password only" systems it's designed to replace.
Wrapping it up
In the fall, hundreds of thousands of personnel will have access cards equipped with personal information, biometric and wireless technologies, and the security risks associated with their use.
Exactly. That's why we need coherent debate to distill some clarity about the risks and rewards. This EPIC report - by combining one part gross technology misidentification (RFID), one part random gibberish (Bluetooth), two parts common misunderstanding (biometric accuracy and PINs) and stewing in politics thinly-disguised as security analysis - just makes mud.
April 11, 2005 | Permalink | Comments (3)
Bad Idea Jeans
A few weeks ago I bought a green laser pointer from ThinkGeek for no good reason. It's really very impressive and I played with it intently for 45 minutes before losing it in a desk drawer somewhere. During that time, I performed a little thought experiment: "I wonder what would happen", I thought, "if I pointed it at a passing airplane?"
It seems that somebody has actually run the experiment and the results are exactly as I'd imagined.
January 5, 2005 | Permalink | Comments (2)
More cool cartograms
This is not a squished butterfly or a rampaging elephant. It's a cartogram by Michael Gastner and colleagues from the University of Michigan showing a county-level election map of the United States where the relative sizes of the counties are based on population, not geographic area. Check out the entire page which starts with the familiar red/blue election map and iteratively deforms it to show the voting patterns of individual voters.
Are these types of cartograms useful, other than for making Democrats feel slightly better? Probably not, but they're neat to look at and they represent the continuum of political belief in this country far better than geographic maps.
I guess it really is a rampaging elephant, after all.
Thanks to Lee Wright for the link.
November 12, 2004 | Permalink | Comments (3)
Election day

The top headline on every single major US news site right now is something to the effect of, "LONG LINES AT THE POLLS - Voters Wait for Hours to Cast Ballots". Reading the stories, I half-expected to see a callout quote such as:
"It wasn't worth it", said a thirsty and dispirited voter.
Nice job, mainstream media. Way to keep people at home. For what it's worth, my wait to vote was exactly 45 seconds.
November 2, 2004 | Permalink | Comments (4)
Red Sox Nation - Far East
Due to a last-minute change of schedule, I had to send Seth Hitchings, one of our best (read: customer presentable) engineers to Taiwan during World Series week. Apparently, our local team was somehow involved. Seth managed to catch most of the games live from his hotel room and a tea shop. He kept a web journal, complete with pictures, of the events.
I was flying home from Denver during the last game. The pilot had the game on one of the in-seat audio channels. The Sox won just as we were taxiing to our gate at Logan and I thought that mobs of fans would run out onto the tarmac and tip my plane over.
People seemed to be in a pretty good mood around the office today. I assume it must be because they missed me during my two weeks of travel.
Seth, sorry you missed the home crowds; take pride in your role as Red Sox ambassador to the people of Taiwan. Thanks for going.
Oh, nice tie.
October 28, 2004 | Permalink | Comments (1)
Things to Do in Denver When You're Fed
I'm in Denver, Colorado for the Digital ID World 2004 Conference. I came in directly from Japan (great trip, despite the typhoon and four earthquakes), so I'm going to spend some time balancing out the excellent tofu and tempura of Kyoto with good old-fashioned American steak.
Tomorrow (Tuesday, 10/26), I'll be speaking on a panel discussion about "PKI Deployments. Balancing Return, Cost & Complexity" from 2:30 - 3:30. If you're at the show, feel free to stop by and heckle me.
Please no, "Who's your daddy?" I was asked that by the US passport control officer at LAX where my standard response tactfully invoking the questioner's mother seemed situationally inappropriate.
October 25, 2004 | Permalink | Comments (1)
Jakob Nielsen's Alertbox
Jakob Nielsen has posted a new alert entitled "User Education Is Not the Answer to Security Problems" (amen). Among other recommendations, Jakob advocates that we:
Digitally sign all information to prevent tampering and develop a simple way to inform users whether something is from a trusted source. This might, say, replace current stupid security warnings that people don't understand because they expose the guts of the technology. ("The security certificate has expired or is not yet valid." Aha. And what does that mean to a normal person?)
I've been saying something like this for years. I'll even go a bit further: there is no good reason, today, that any legitimate email sent out by a serious company should not be digitally signed. A small number of consumers behind email-modifying proxies may get confusing error messages (companies can mitigate this by sending important mail without embedded HTML or JavaScript), but this can be quickly ironed out.
If you're a bank, hospital, or any other company that's worried about consumer confidence in your brand - you should be signing all of your outgoing email. Period.
Jakob's whole article is very good. Read it here.
October 25, 2004 | Permalink | Comments (0)
What's taking so long in that voting booth?
Edward Felten over at Freedom to Tinker has two amazing posts (one, two) about bugs in popular electronic voting machines that, if true, make it possible for just about anyone with a $50 smart card kit to vote multiple times and otherwise seriously tamper with the election. Actually “bugs” is not the right word. The problems stem from a design so stupid that it’s hard to spot the specific error. Like someone once said, “This is so far off it’s not even wrong.” Google thinks that someone was Wolfgang Pauli.
I’ve put together the following technical illustration to explain the problem:

Here’s a slight variation on the “conversation” from Edward’s first post. It won’t make sense until you’ve read the original.
terminal to card: "My password is 1234"
card to terminal: "la la la la la la la la la la"
terminal to card: "Are you a valid card?"
card to terminal: "No. I mean yes!"
terminal to card: "Please deactivate yourself."
card to terminal: "Whatever you say, spaceman."
For the record, I cannot verify that Edward’s description of the problem in Diebold machines is accurate. However, the allegations are well documented and wholly consistent with the track record of electronic voting machines in this country. I can verify that “programming” smart cards is as easy as claimed; we do it all the time. Of course you can make smart cards (or, more accurately, smart card based systems) that don’t have such flaws (again, we do it all the time), but just because something could be done correctly, doesn’t mean that it has been done correctly.
The problems with electronic voting machines should be front page news. These aren’t slight theoretical flaws. They’re a clear and present danger to the foundations of our democracy. Note that I don’t believe the allegations that these flaws are deliberately engineered to throw the election. Occam’s razor digs up carelessness and incompetence long before it gets to malice. Either way, the problems are inexcusable. Secure electronic systems are a well known area. For example, Diebold also makes perfectly good ATM machines. They should know how to build a secure box.
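A toy model of the “conversation” above, added here as an illustration and not taken from Edward Felten's posts or from any voting machine's code: a terminal that takes the card's word for its own validity, next to one that makes the card prove possession of an issued key with an HMAC challenge-response. The class names, the per-card key derivation and the message layout are all assumptions.

```python
import hashlib
import hmac
import secrets


def derive_card_key(master_key: bytes, serial: bytes) -> bytes:
    """Per-card key derived from the issuer's master key (assumed scheme)."""
    return hmac.new(master_key, serial, hashlib.sha256).digest()


class IssuedCard:
    """Card provisioned by the issuer; the key never leaves the card."""

    def __init__(self, serial: bytes, key: bytes):
        self.serial = serial
        self._key = key

    def is_valid(self) -> bool:
        return True

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, self.serial + challenge, hashlib.sha256).digest()


class UnissuedCard:
    """Programmable card that was never provisioned: it says yes, holds no key."""

    def __init__(self, serial: bytes):
        self.serial = serial

    def is_valid(self) -> bool:
        return True

    def respond(self, challenge: bytes) -> bytes:
        # Without the issued key the best it can return is an unkeyed guess.
        return hashlib.sha256(self.serial + challenge).digest()


def issue_card(master_key: bytes, serial: bytes) -> IssuedCard:
    return IssuedCard(serial, derive_card_key(master_key, serial))


class TrustingTerminal:
    """The design in the conversation: ask the card, believe the answer."""

    def accept(self, card) -> bool:
        return card.is_valid()


class VerifyingTerminal:
    """Checks a fresh challenge-response and records spent cards itself
    instead of asking the card to deactivate (per-terminal record only)."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._spent = set()

    def accept(self, card) -> bool:
        if card.serial in self._spent:
            return False
        challenge = secrets.token_bytes(16)
        key = derive_card_key(self._master_key, card.serial)
        expected = hmac.new(key, card.serial + challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, card.respond(challenge)):
            return False
        self._spent.add(card.serial)
        return True


if __name__ == "__main__":
    master = secrets.token_bytes(32)          # constructed sample key
    cards = [issue_card(master, b"CARD-0001"), UnissuedCard(b"CARD-0002")]
    verifying = VerifyingTerminal(master)
    for card in cards:
        name = type(card).__name__
        print(name, "trusting:", TrustingTerminal().accept(card),
              "verifying:", verifying.accept(card))
```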
October 16, 2004 | Permalink | Comments (5)
FDA approves giant pennies
Here’s the MSNBC article. Prior discussion on this blog can be found here and here.
All kidding aside, I think implantable RFID chips were a great idea for cows and are a great idea for those people who, like cows, cannot be expected to remember to bring their wallets all the time. A medical history application is a reasonable use for this technology. Just to be clear, your medical history is not stored on the chip. The chip just has an ID number which can be used to call up your history from an existing database. Access to the database can be controlled using the normal methods. It’s kind of like those medical ID bracelets that professional golfers always seem to wear. Not the magical copper and magnet ones; those are crap.
October 13, 2004 | Permalink | Comments (0)
e-Passport problems

There’s a good write-up in the EETimes about recently discovered flaws with the Department of Homeland Security’s proposed electronic passports. The new passports have an embedded contactless (ISO 14443) “smart-card” chip that stores personal information and (sometimes) a biometric template. The problems come in two flavors: reliability and privacy.
The reliability issues are what you’d expect from a fairly new technology with mandated cross-vendor interoperability: some readers were not able to properly read some passports placed on them. I have no reason to believe that this is a serious problem. Like other standards before it, ISO 14443 will take a few generations to work out the kinks. We at CoreStreet work with many cards and readers and I expect that the number we have to smash (run over, shoot, microwave) out of frustration will decline over the coming months. Remember how hard it was to get Ethernet cards to work correctly in the late eighties? No? Sometimes I think I missed out on some fun in that decade.
The privacy issues are more serious. Basically, since the current standards don’t call for any encryption between the passports and the readers, it’s possible to build a clandestine reader and read passports from a distance:
Using a reader equipped with an antenna, NIST testers were able to lift "an exact copy of digitally signed private data" from a contactless e-passport chip 30 feet away, said Neville Pattinson, director of business development technology and government affairs for smart-card provider Axalto Americas.
Two government officials are quoted with reassurances:
An ICAO spokesman said the organization specifies a contactless "proximity" chip that can be read only within a distance of a few inches. He said he didn't know which chips had been used in the tests but called it "extremely unlikely" that proximity chips could read information from more than 4 inches away.
Unfortunately, the distance limitation on the read has more to do with the antenna on the reader than with the chip on the passport. Four inches is the maximum range for a regular antenna and a fast read time, but significantly greater distance can be achieved with larger antennas and multiple attempts. Radio wave stuff is a black art to me, so I can’t say for certain whether or not it’s possible to restrict the read range on the actual chip, but I doubt it.
Another misleading quote follows:
A Homeland Security spokeswoman confirmed the tests had "demonstrated that if the readers are not designed with appropriate shielding, the data transmitted from the chip to the reader could be detected several feet away."
Once again, the problem has nothing to do with the legitimate readers. You can shield the readers in the finest dwarven mithril, but that won’t stop a rogue reader from getting at your passport data.
The only long term solution is to add encryption to the cards. This can’t be done in any meaningful way with most current ISO 14443 chips because those cards are not capable of storing a secure private key. The finer points of public key cryptography are beyond the scope of this blog entry, but suffice it to say that the only way you can have meaningful encryption for tens of millions of individual passports is to have individual private keys. There are cards that can do real public/private key stuff on a proximity interface, but this “dual interface” technology (so called because the cards can typically be used in contact or contactless mode), is probably a year or two away from widespread use. Maybe these kinds of findings can spur the industry forward.
In the meantime, the article suggests that it would be extremely impractical for bad guys to build giant covert readers, and that metal-lined passport wallets can minimize opportunities for unauthorized reading. Both statements are true, so there’s no cause for near-term concern. The chips are good enough for now, and “dual interface” cards will clean up the remaining problems over the next few years.
One quote near the end really caught my attention:
Kefauver also speculated that at some point, the contactless chip and passport could be eliminated altogether. Instead, a person's biometric data would be measured at the point of contact and compared with information stored in a central database. That would shift the security concerns from the chip to the network.
Now that seems like a really dangerous idea. The privacy, reliability, performance, cost and security implications of a central database approach are all potentially catastrophic at the scale we’re talking about. Proving this is left as an exercise to the reader.
(But if you have the answers and want a job, drop me a note.)
October 12, 2004 | Permalink | Comments (4)
A suggestion for either candidate
There’s one presidential debate left, but the space I’ve set aside in my head for repetitive bumperstickerism is all filled up and no more spin will fit through my ears. I’d like to see something new. Therefore, even though I’ve otherwise made up my mind, I promise to vote for whichever candidate looks directly into the camera and, punctuated by the loose-fist-with-semi-extended-thumb gesture, delivers the following closing statement:
My fellow Americans,
I like pie.
I like cherry pie.
I like apple pie.
I even like...
Strawberry-rhubarb pie.
But my fellow Americans,
Let me tell you:
Shepherd’s pie.
Is. Not. A. Pie.
Thank you and god bless.
I’ve timed myself doing this speech, and it can be forcefully delivered in thirty-seven seconds. A strong appeal to deep-rooted values and no worries about the two-minute blinkenlights; how could you go wrong?
October 9, 2004 | Permalink | Comments (5)
Giant leap for geek-kind
Today, SpaceShipOne won the Ansari X Prize by becoming the first commercial craft to reach “space” twice in one week. The psychological transformative power of this event didn’t really sink in until I just wrote “space” in the last sentence and realized that that word doesn’t make a whole lot of sense anymore. I haven’t been this excited about a technological achievement since…well, since the NASA Mars Rovers from earlier this year. Or maybe Cassini. Ok, so I’m highly space-excitable. There’s that strange word again.
No, this is way more exciting; my dreams of being a NASA astronaut ended years ago when I forced myself to admit that they’re never going to need a “SQL Specialist” on the space station. But being a boorish and out-of-place tourist? That’s practically my life’s work.
Anyhoo, I’ve just signed up to be first in line when Virgin Galactic starts flying. Maybe if I save up all of my frequent-flyer miles between now and then I can score a free trip. If you think I’m kidding, you haven’t seen my frequent flyer activity.
October 4, 2004 | Permalink | Comments (1)
I register to vote
I’ve been putting off updating my voter registration until just a few minutes ago, when I decided to put off an even more boring task by updating my voter registration.
First stop, www.chooseorlose.com. Flash animations, cheering teens, techno music. “Drew Barrymore Hunts the Elusive Young Voter.” Forget voting, I wouldn’t register to receive free ringtones from this site.
Next stop, www.rockthevote.com. This is even worse. The scrolling banners are making me nauseous and every flash-animated screen has photos of painfully cool youth emoting what I can only assume is a mixture of ridicule and resentment towards my out-of-the-demographic, insufficiently-eXtreme self. I’ve never been so depressed about voting. Someone must have an online “register to vote” site for people who don’t know what a Lil’ Kim is.
Thank the boring gods for the Electronic Frontier Foundation. The EFF’s voter registration page is quick and painless; you put your name and address into a web page and it gives you a filled-in, pre-addressed PDF form that you can print out and stick in the mail. Many thanks to Wendy Seltzer for providing the link. Oh, you can win $200,000 or something.
Done and done, and with ten whole days to go, I can be proud of not having waited till literally the last possible minute. Democracy is just that important! Well, I live in Massachusetts, so my vote has no real meaning anyway. Still, it’s better to be depressed about Electoral College inequity than about being too old for MTV.
September 21, 2004 | Permalink | Comments (1)
Important reminder!
Tomorrow, Sunday September 19th is International Talk Like a Pirate Day. Savvy?
September 18, 2004 | Permalink | Comments (0)
Foo Camp roundup
I got back from O’Reilly’s Foo Camp a few days ago. It was… what’s the expression the kids used to say…Insanely Great. There were lots of impressive people and keen sessions. Among other things, we figured out how to do electronic voting exactly right. More on that later.
The picture, by James Duncan, is of a working 3D chocolate printer made out of Lego. Click on the thumbnail for a larger view.
Just for the record, I “camped” in the Sebastopol Holiday Inn Express. It didn’t make me any smarter, but at least I could snore without making any permanent enemies among the world’s Alpha Geeks.
Since I’m way late in blogging this event, I’ll take the path of least resistance and just provide a partial (!) list of other blog coverage. This Internet thing is gonna be big some day.
Cameron Marlow (Overstated)
Chris Shiflett
Danyel Fisher (Made of People)
Dav Coleman (AkuAku)
Dave McClure (Master of 500 Hats)
David Hornik (VentureBlog)
David Weinberger (Joho the Blog)
Don MacAskill (onethumb)
Erik Hatcher
Furzundfeuerstein (Fart and Flintstone)
James Duncan (Whoot!)
Jeff Barr
Jim Winstead (trainedmonkey)
Mark Fletcher (Winged Pig)
Mark Frauenfelder (BoingBoing)
Mie (Kokochi)
Mike Clark
Nan Barber
Paul Jones
Robert Scoble (Scobleizer)
Russell Beattie
Tantek Çelik
Tim Bray
Zak Greant (Polymorph)
Ross Mayfield
September 17, 2004 | Permalink | Comments (2)
Shape of politics
Last week I wrote about the 4:1 imbalance of Electoral College voting power between the citizens of big and small states. Now, Electoral-vote.com has a nifty new cartogram (a map distorted by some variable) showing the relative electoral votes of each state. The colors represent current poll results in the presidential race and are updated daily. Click on the picture for the full-size view.
So now we have two choices for making presidential elections fair in this country: (1) Reform the Electoral College. (2) Find a way to push and stretch the tectonic plates under the North American continent to physically rearrange the landmass to the shape above. Keep in mind that the first option is politically difficult.
[Update: Actually, I just realized that option 2 won’t change the voting power. I hope no one has started already.]
September 14, 2004 | Permalink | Comments (9)
You can so fight that
You know what I hate? Besides people who doubt my robot-reviewing integrity? I hate quasi-profound philosophical arguments that are just plain wrong on their face. This year’s commonly seen example is used as an argument against the “War on Terror” and usually attributed to Michael Moore or Gore Vidal (although I’ve heard this particular chestnut for at least a decade): “You can’t fight a noun.”
You can so.
You can fight an addiction. You can fight a war. You can fight a dog. You can fight a fat man.
You can’t fight City Hall, but that’s just a bad example.
Here’s video proof of me fighting a noun.
Sometimes, the phrase is rendered, "You can't fight an abstract noun.” That’s a little better, but still incorrect, because you can fight, say, depression. I think “depression” is an abstract noun by this definition:
An abstract noun refers to states, events, concepts, feelings, qualities, etc., that have no physical existence. eg: Freedom; happiness; idea; music are all Abstract Nouns that have no physical existence.
Now, maybe Mr. Moore or Mr. Vidal mean that you can’t *physically* fight an abstract noun. As in, "you can’t fight depression by punching." Even this doesn’t seem to be right because (1) it’s such an obviously narrow statement that it’s not worth making, and (2) if you punch a depressed person, you probably could snap him out of depression at least for a bit. Or maybe you could punch a mime in front of a depressed person. That would probably cheer him up (the depressed person, not the mime), and if your goal was to get rid of the depression then you can’t really be said to be “fighting the mime.”
Occasionally, the person using this argument starts to feel the linguistic thin ice cracking under their mixed-metaphorical feet, so they try to button up the phraseology: “You can’t fight a war against an abstract noun.”
Better still, but gibberish nonetheless. The accuracy of that phrase hangs on your definition of “war”. If you only mean literally blowing things up with tanks, then I guess that statement could be technically correct. On the other hand, we did pretty well fighting a war against the abstract nouniness of “fascism” in WWII and I believe that blowing things up with tanks was a cornerstone of our persuasive arguments. More recently, a “cold war” against hyper-abstract “communism” also produced some results. Then there’s always the expression, “war of words”. What do we make of that?
Anyhoo, the point is that while you may be able to find plenty of arguments against the specifics or generalities of the “War on Terror”, you ain’t gonna find them in your Strunk and White.
Please don’t write in to explain what these people meant to say. I’m not making a political statement here, only pointing out that what they did say is stupid. Social debate would be better served if both sides stayed away from this kind of bumper-sticker sloganeering in the first place. This is not Mr. Moore’s first warning, either.
And don’t get me started on the current right-wing and pseudo-scientific favorite, “You can’t prove a negative!”
You can so!
September 8, 2004 | Permalink | Comments (12)
Balanced ticket
Everyone knows that “one person, one vote” is both the bedrock principle of democracy and totally inapplicable to US presidential elections. That’s common knowledge, but I was curious about just how uneven the process is, so I did a bit of Electoral College arithmetic to figure out the difference in “voting power” between voters in different states. (For my international readers, here is the official FEC explanation of how US presidential elections really work - and I’m glad to see that not too many tax dollars are being spent on web design there.)
To find the “voting power” of each voter by state, I divided the total number of eligible voters in each state by the number of that state’s electoral votes. By this (admittedly flawed – see the disclaimer) math, the Bush/Cheney ticket represents both sides of the electoral power spectrum. Somehow, I don’t think we’ll see any bragging.
The most “powerful” voters are in Vice President Cheney’s home state of Wyoming (123,473 eligible voters per electoral vote). President Bush’s state of Texas has the third “weakest” voters (467,091 eligible voters per electoral vote). The only two states with weaker ratios are more-populous California (469,040:1) and more-geriatric Florida (486,619:1).
This means that George Bush would have to vote 3.78 times to get the same electoral effect as one vote cast by Dick Cheney. This just might be possible with them newfangled closed-source, paperless e-voting machines.
By contrast, John Edwards’ vote is only worth 1.03 Kerry votes. Here’s a quick spreadsheet I made of all the states: (HTML or .xls, .csv) All data is from the US Census Bureau.
I’m not sure how to feel about all this. On the one hand, the Electoral College bias in favor of small states seems statistically unfair. On the other hand, it encourages particularly politically active people to move to less populated areas – and away from me.
This brings us to our next Vastly Important Poll:
[Disclaimer: This analysis is flawed for at least three reasons.
1. Population data is from the latest July 2003 estimate, but demographic data for 18+ percentages is from the 2000 census. This is probably a very small error.
2. Immigration data is not included. Non-naturalized immigrants (legal and illegal) count towards the population total but are not eligible to vote and will therefore skew the given ratios. This is probably a small error.
3. The “winner takes all” nature of most state electoral delegations is probably a bigger contributing factor to voter influence than the ratios presented here.]
September 1, 2004 | Permalink | Comments (7)
Common ID mandate
Last Friday, the White House issued a presidential directive calling for a “Policy for a Common Identification Standard for Federal Employees and Contractors”. The policy is mandated to be completed by March, 2005 and by November 2005:

“… the heads of executive departments and agencies shall, to the maximum extent practicable, require the use of identification by Federal employees and contractors that meets the Standard in gaining physical access to Federally controlled facilities and logical access to Federally controlled information systems.”
This is big news: a common standard for identification credentials to be used for both physical and logical access for the roughly 60 million US government employees and contractors. The contractors have a very important role to play. Once big contractors like Boeing, SAIC, Raytheon, etc. start giving smart cards to all their employees for use on government work, they’ll naturally want to leverage the investment on the commercial side as well. I’ve often said that real credentials and validation are the only ways to solve common problems such as phishing and identity theft. Just as with the development of the Internet, the federal government is once again the main initial catalyst for new technology that’s going to change the foundations of mainstream business transactions in the near future.
The big question: If this grows past government employees, can we do it without infringing on people’s rights? I think we can.
[The small question: Is the “near future” near enough for my investors to make a healthy return? I think it is.]
August 30, 2004 | Permalink | Comments (0)
I asked for a debate
There’s a pretty good and lengthy discussion brewing in the comments section on my last post about national IDs. I say this as a service to my RSS and bloglines readers who, as far as I can tell, do not normally get to see comments (and who don’t show up on any of my page view stats). Oh, you’re so smug.
August 23, 2004 | Permalink | Comments (0)
E-Voting radio link
The Viewpoints Radio e-voting interview I did last month is up on the web. Here’s the audio clip (Windows Media, 2:32 minutes) and my blog entry from when it happened.
Viewpoints Radio bills itself as, “Compliancy-based public affairs” and runs weekly on 250 radio stations. According to my calculations, that means there’s a 6% chance that my rambling about public disclosure of voting machine innards is interrupting somebody’s smooth-jazz marathon right now.
August 21, 2004 | Permalink | Comments (0)
Charlie Wilson’s Movie
Thanks again to Lee Wright for pointing out that someone in Hollywood apparently has the good sense to make a movie out of George Crile’s Charlie Wilson’s War. To continue the arbitrary comparison started in my previous review of the book, I’m certain that the movie will feature more cocaine, true-life espionage and attack helicopters than, say, The Chosen.
Tom Hanks will be playing the eponymous congressman. No other casting information is available, but I hereby decree that the role of CIA-meshuganah Gust Avrakotos must be played by Harvey Keitel.
I await my check from central casting.
August 20, 2004 | Permalink | Comments (0)
Boston is quiet
Predictions of a chaotic Boston snarled by convention security and impassable by car, subway or foot have so far proven to be a complete bunko. It seems like half the locals treated the warnings as a good excuse to get out of town for the week. The road traffic during rush hour is significantly lighter than on less newsworthy days, the subways are brisk and even downtown restaurants aren’t bulging at the seams. I have to believe that, convention hotels and temporary construction crews aside, the local business community is losing a bucket of money.
As promised I took the “T” down to the convention center to check out the action at about 7pm. It was underwhelming. Here are some snapshots. Click on the thumbnails for a larger view.
This is the view of the convention center from the entrance of the “Free Speech Zone.” I’m not a big sports fan, but my friends tell me that the crowds here are usually larger when the Bruins play whatever it is they play. Low temperature water-polo, I think.
Here’s a sign in front of the fenced-in free speech zone. It seems reasonable to me. I guess the official name for this is the "demonstration zone". Notice the lack of people pushed into the fence. This will be a recurring theme.
The inside of the fenced-in area has one raised stage with a podium. The stage was occupied by this group of protesters. Apparently this was the real group, not the parody, but who can tell for sure these days? There were maybe thirty people in front of the stage taking pictures and/or heckling. Someone had written “This pen is shameful” on the podium, but they wrote it in chalk so I had to blink a few times before the message parsed. The other side said, “Flee the pen!”, which makes sense in a “mightier than the sword” sort of way. Notice the razor wire on the top of the overpass – this was the only place with razor wire and it might have been more for keeping the pigeons at bay than for controlling the protesters.
The rest of the protest zone was almost completely deserted. There were a few signs hanging on the fences. About half of the signs were protesting the protest zone itself. It seems like the biggest controversy in this convention is the forum set aside for discussing controversy. The meta-protesters hung up their signs and mostly left. I can’t decide if this is true irony or just the sort of thing that Alanis Morissette would find ironic.
The only vocal group outside of the protest zone was a sizable gaggle of Lyndon LaRouche supporters handing out their strangely comma-suffused alternative DNC platform. Here’s an example sentence from the section entitled “Monetarists and Physiocrats as Such”:
Among domesticated cattle, except those raised and killed as fighting animals for public amusement, the preferred tactic is a combination of genetic downscaling of the mental capabilities and impulses of the captive, with culling of those specimens which are considered, for formally rational, or utterly capricious reasons, as undesirable.
I’m not sure why the LaRouche folks were allowed to chant outside of the demonstration zone. How many times are they going to be able to say “Physiocrat” at passersby before someone is willing to throw down?
All in all, the security situation seemed to be under control. People are staying away from downtown and, with any luck, the big story next week will be how all the media predictions of catastrophe were vastly overblown. Only two days to go.
[BTW, I’m not going to comment on those Kerry NASA pictures, except to say that if I were given the opportunity to crawl around a NASA rocket in a bunnysuit, I would look just as happy and a whole lot less dignified.]
July 28, 2004 | Permalink | Comments (1)
Convention Eve
If somebody had told me four years ago that all protesters at the Democratic convention in 2004 would be corralled into a razor-wire enclosed holding pen un-ironically called the “Free Speech Zone”, well, I would have probably thought that they were more or less correct. It’s still mighty creepy though. I’m no student of architecture, but from seeing the place a couple of days ago I’m pretty sure it’s done up in early Camp X-Ray style. The design seems to be as much intended to keep potential protesters at home as to keep the people who actually manage to show up well behaved. This might all be necessary – it’s hard to know right now.
I think I’ll try to get down to the convention site in the next day or two just to see what the scene is like live and in person. I’m especially curious if the “free speech” area is only for protestors or for all demonstrators (pro and anti-convention alike). Some of the security arguments seem to get pretty weak if mobs of supporters are subjected to less supervision than mobs of protesters. Will a “Kerry / Edwards” sign really get someone closer to the action? We’ll see.
July 25, 2004 | Permalink | Comments (0)
The Mexican anti-kidnapping chip mystery
Rafael Macedo, the Attorney General of Mexico, made an interesting claim yesterday:
Mexico's attorney general said on Monday he had had a microchip inserted under the skin of one of his arms to give him access to a new crime database and also enable him to be traced if he is ever abducted….
"It's an area of high security, it's necessary that we have access to this, through a chip, which what's more is unremovable," Macedo told reporters. "The system is here and I already have it. It's solely for access, for safety and so that I can be located at any moment wherever I am," he said, admitting the chip hurt "a little."
I’m more than a little skeptical about the anti-kidnapping claims; I’m not aware of any current technology that’s small enough to be implanted under the skin and still have enough radio and battery power to broadcast its location more than a few feet. VeriChip, the manufacturer of the implantable RFID chips, pretty much says the same thing:
Aceves said his company eventually hopes to provide Mexican officials with implantable devices that can track their physical location at any given time, but that technology is still under development.
My guess is that Señor Macedo’s claims are a little ahead of the technology. Unless your implanted RFID chip happens to pass within a few feet of a reader, and that reader is linked into some central alert network, I don’t see how the tracking would work. If the Mexican chips are significantly more advanced than my best guess, I’d love to know the details. Otherwise, I’d think twice before boasting about how the chip can find me in the case of a kidnapping and about how “unremovable” it is. The first claim is a bit premature. The second claim sounds like a challenge I wouldn’t be too keen about extending to any kidnappers.
If anyone wants a real tracking beacon for use in case of kidnappings or other natural disasters, I recommend the Breitling Emergency. Sure it’s big and removable, but camouflaged by a sufficient tonnage of other bling, it may escape your captors’ attention long enough to signal for help.
Plus, you can use it as a cudgel.
July 15, 2004 | Permalink | Comments (4)
E-Voting interview
I did a pre-taped radio interview on the topic of electronic voting today. It should air in the next few weeks. My two main points were:
1. Full public disclosure and strong auditing of the source code and all other details of an electronic voting system are necessary for public trust. No voting system that relies on obfuscation for security should be placed into service.
2. A paper trail is absolutely necessary, for now, to validate election results. In a few years, it may be possible to phase out paper completely once a strong digital-certificate based credential (like the U.S. Military’s Common Access Card) makes it into the hands of voters.
Many of my views on electronic voting have been informed by Edward Felten over at Freedom to Tinker.
July 12, 2004 | Permalink | Comments (2)
Let's put some science into the terror alert debate
Is the U.S. government playing politics with recent terror warnings? I don’t really care. What I care about a lot more is: are those warnings effective? Fortunately, while people arguing the first question are probably not really interested in finding an answer, the second question should yield fairly well to dispassionate analysis.
Hype and political considerations aside, the two most frequently heard arguments in the debate over the value of periodic but vague terror alerts by the U.S. government are:
Con: The alerts make people apprehensive and afraid. This hurts our society (the “terrorists have already won” argument) and diminishes the impact of future alerts (the “boy who cried wolf” argument).
Pro: Even though the alerts may make people nervous, they also remind people to be vigilant. Since information is the most important weapon in the fight against terrorism, an attentive citizenry is worth some disruption to daily life (the “price of freedom is eternal vigilance” argument).
Both points are plausible, but are they true? I’m not sure, but there’s probably some useful behavioral data out there that could be used to evaluate the competing claims.
For example, is the “boy who cried wolf” phenomenon measurable in the real world? Surprisingly, not everything named after a fairy tale is completely reliable. In other words, are people who are repeatedly subjected to false alarms actually less likely to effectively react to a real emergency situation? After all, most military and emergency workers are constantly drilling with “false” alarms and no one seems to feel that this compromises their readiness. Of course these teams are repetitively practicing specific skills, not just being repetitively told to be anxious. Maybe that’s the difference.
Similarly, is the “vigilance” claim accurate? Are people who are repeatedly told to be on guard actually better able to identify and respond to emergency threats than people who are more relaxed? Many skydiving or SCUBA instructors go to great lengths to teach their students how to be physically relaxed in dangerous situations; the justification being that an attentive but at-ease mind is more effective at coping with unexpected circumstances. Does this logic apply to national terror alerts?
These are fairly n



