Privacy and Obscenity?

Put bluntly, the law of obscenity, no matter how longstanding, has never satisfied constitutional requirements, and it never will. Finally, a judge has been brave enough to say as much. This opinion is notable for that reason – and for Judge Lancaster’s novel approach. His opinion attacks the obscenity laws on privacy grounds – and thus may be more effective than pure free-speech attacks mounted in the past.

Noise pointed me to Julie Hilden’s article at Findlaw.
The argument in a nutshell seems to be that the interest of the government in banning obscene matter is less than the privacy interest of the viewer of that matter, wherein privacy means the ability to contemplate icky stuff in one’s own home. The decision, for you law buffs, bypasses Miller, and focuses on Lawrence v. Texas and Stanley v. Georgia.

In addition, the Lawrence Court also reached another conclusion highly relevant to the Extreme Associates case. It concluded that the fact that a given law is a longstanding prohibition grounded in widely-held moral beliefs is not, in itself, a reason for a court to hold that law to be constitutional.

Sounds moral to me.

Small Bits of Irony: Secure Flight, Insecure Borders

Bruce Schneier talks about the Secure Flight being an improvement over the current watchlist system, but can’t give us details. The new system will rely on more information in the reservation. But if we don’t have that more information on the person on the watchlist, what will happen? Eg, if there’s no known birthday for David Nelson, will all the other David Nelsons still be in trouble? Will it store information on gender and race, which would be useful in reducing false positives for folks like Johnnie Thomas?

Oh, and while putting in place this expensive, ineffective system, Congress isn’t funding border guards.

More on Nothing to Hide

Chapell points out a very interesting correction at the top of this Seattle Times story:

A previous version of this story on Tukwila firefighter Lt. Philip Lyons being charged with first-degree attempted arson incorrectly stated that police reports indicated he had used his Safeway Club Card to purchase 16 fire-starters between June and August. Lyons had actually purchased only one fire-starter during that time, according to charging papers. The police report indicated that 16 fire-starters were purchased by all customers at the Safeway store where Lyons purchased his fire-starter between June and August.

Were these Safeway brand fire-starters? Did the police check only one Safeway, or every one (or every grocery store) within some distance of the fellow’s house? Did they have a warrant to get that information? Is it routinely shared by local Safeway stores?

[My earlier post on this is “Nothing to Hide, Plenty to Fear.”]

Small Bits of Hope

Some moving blog posts from Iraq include Hammorabi, Messopotamian, and Iraq the Model

The first thing we saw this morning on our way to the voting center was a convoy of the Iraqi army vehicles patrolling the street, the soldiers were cheering the people marching towards their voting centers then one of the soldiers chanted “vote for Allawi” less than a hundred meters, the convoy stopped and the captain in charge yelled at the soldier who did that and said:
“You’re a member of the military institution and you have absolutely no right to support any political entity or interfere with the people’s choice. This is Iraq’s army, not Allawi’s”.
This was a good sign indeed and the young officer’s statement was met by applause from the people on the street.

(Here’s an archival link for Iraq the Model.)

Good Luck to Iraqis!

In tomorrow’s elections. I have to say that despite a great deal of skepticism in the feasibility, and disappointment over the execution, of Bush’s vision for the Middle East, it represents the one of the core American beliefs. Lincoln called the ideas of democracy the last, best hope of mankind, and in that, he was right. Democracy represents a belief that we can peacefully work together and find ways to allow each of us to pursue our own dreams. I hope that tomorrow, hope will overcome fear, and we’ll see a strong turnout, no violence, and the start of a legitimate government in Iraq.

New York Times Links

Aaron Swartz has produced a link generator for the New York Times. It takes a URL and makes it archival, so that it doesn’t expire, and you should be able to visit it after two weeks are up. Its a lazy Saturday afternoon; Atlanta is shut down by the half inch of snow that fell last night, so what the heck. I’ll post some stats in just a minute, but wanted to explain why old posts are (probably) going back into the RSS queue. [Update: It seems they’re not.]

I’ve written 421 posts, an average of just over 2½ per day. Of those, 31, 7.3% included links to the Times. Of those 31, 4, 12.9% did not have perma-links available. One, on Kerik for DHS, relied on an associated press story. The other 3 were: Perverse Incentives, Bin Laden Unit downsided?, and Airport Screening Still Fails Tests. All three touch on secrecy in government. Oh, the irony!

And finally, Aaron, you rock. Your code took all my fugly url pastes and made them clean again. And a nod to the editors of the Times, for trying to remain the newspaper of record.

More on Economic Analysis of Vulnerabilities

Dave Aitel has a new presentation (“0Days: How Hacking Really Works“) on what it costs to attack. The big cost to attackers is not vulnerability discovery, but coding reliable exploits. (There’s an irony for you: Attackers are subject to the same issues with bad software as their victims.) The presentation is in OpenOffice format only right now, so the OpenOffice Viewer (in Java) may be helpful.

[Previous posts: Towards and Economic Analysis of Vulnerabilities.]

Small Bits of Chaos: Vidal, SP2, Iraq

Gore Vidal has a few choice words about the President’s Inaugural address, at DemocracyNow.

A Russian company, MaxPatrol, has published a paper on bypassing heap and stack protection for Microsoft Windows XP with SP2.

Winterspeak has an interesting summary of Iraq:

The big bet that President Bush placed all these months ago, the bet that the root cause of Islamic Fundamentalism was the repressive, totalitarian regimes these people lived in, is being called as Iraq has elections tomorrow.

Nothing to Hide, Plenty to Fear

Longtime security and privacy researcher Richard M. Smith tells Farber’s IP list about Philip Scott Lyons, a Tukwila, Washington firefighter. Lyons was accused of arson because he’d bought the same type of fire starters at Safeway. Or, that’s what Safeway’s “Club Card” records show. How or why they were obtained isn’t clear.

The charge was dropped after “another person accepted responsibility for the fire,” Snohomish County deputy prosecutor Jim Townsend said Thursday. “This person made statements to numerous people and statements officially” to Mountlake Terrace police.

Stories in: The Seattle Times, KOMO-TV and he’s been cleared.

Added slightly later: The title of this post refers to the common quip that someone has ‘nothing to hide,’ and thus doesn’t care about their privacy. Even if you have nothing to hide, the electronic datastreams that are believed to be true may contain lies about you that cause you to be suspended from work for six months.

Folksonomies, Tested

I’ve just stumbled across this abstract comparing full-test searching to controlled vocabulary searching. The relevance to Clay’s posts on controlled vocabularies is that our intuitive belief that controlled vocabulary helps searching may be wrong. Unfortunately, the full paper is $30–perhaps someone with an academic library can comment.

…In this paper, we focus on an experiment in which different component indexing and retrieval methods were tested. The results are surprising. Earlier work had often shown that controlled vocabulary indexing and retrieval performed better than full-text indexing and retrieval…, but the differences in performance were often so small that some questioned whether those differences were worth the much greater cost of controlled vocabulary indexing and retrieval … In our experiment, we found that full-text indexing and retrieval of software components provided comparable precision but much better recall than controlled vocabulary indexing and retrieval of components. There are a number of explanations for this somewhat counter-intuitive result, including the nature of software artifacts, and the notion of relevance that was used in our experiment. We bring to the fore some fundamental questions related to reuse repositories.

Small Bits of Chaos: Brazilian Democracy, Traffic Cameras, Locks, Hamas, and Curtains

Lessig discusses what democracy looks like in Brazil:

I remember reading about Jefferson’s complaints about the early White House. Ordinary people would knock on the door, and demand to see the President. Often they did. The presumption of that democracy lives in a sense here. And you never quite see how far from that presumption our democracy has become until you see it, live, here. “This is what democracy looks like.” Or at least, a democracy where the leaders can stand packed in the middle of a crowd, with protesters yelling angry criticism yet without “security” silencing the noise. No guns, no men in black uniform, no panic, and plenty of press. Just imagine.

Further analysis indicated that the cameras are contributing to a definite increase in rear-end crashes, a possible decrease in angle crashes, a net decrease in injury crashes attributable to red light running, and an increase in total injury crashes.

(From “Evaluation of Red Light Camera Enforcement Programs in Virginia“, (PDF) The Virginia Transportation Research Council, 1/27/2005, via “” (A journal of the politics of driving, hmmm?) covered in techdirt, and linked to by Freedom to Clip, and the cite is longer than the blurb!)

Wired on lockpicking contests.

Hamas wins in a landslide, promising to fight corruption, Jews. Less sarcastically, their strategy is classic guerilla/insurgent ‘align with the people against a corrupt government.’ It’s not clear that Abbas can counter this. Slide 108 of Patterns of Conflict starts:

Undermine guerrilla cause and destroy their cohesion by demonstrating integrity and competence of government to represent and serve needs of people—rather than exploit and impoverish them for the benefit of a greedy elite.

Finally, in a subject near and dear to me (bullet 6), David Akin reports that you have privacy even without curtains.

“The Arthur Andersen Of Banking?”

Over at The CounterTerrorism Blog, Andrew Cochran accuses Riggs Bank of being “the Arthur Andersen of banking.” Riggs is apparently pleading guilty to violating the Bank Secrecy Act, by “failing to file reports to regulators on suspicious transfers and withdrawals by clients.”

I’d like to address the comparison to Arthur Andersen, and through that lens, look at the Orwellian nature of US bank secrecy laws, which actively require banks to spy on their customers. Arthur Anderson was an auditing firm, one of the “big five” accounting firms that audited most companies allowed to sell their stock to the public. Arthur Anderson was auditor to companies including Enron, Worldcom and Sunbeam, all of whom had massive fraud scandals concerning their accounting. Now, auditors play a special role in public companies. They are (nominally) hired by the board of directors to audit the company’s books, and ensure that they are in compliance with generally accepted accounting practices. The board works for the shareholders of a company, and exists to protect the shareholders, and ensure the company is well run.

The duties and responsibilities that auditors have have a special legal name, fiduciary, because of the legal role that these folks have in our system of shareholder capitalism.

Arthur Andersen ignored that duty, and actively hid their history with Enron, by shredding documents. That breach of trust is what destroyed the company, and for good reason. If you buy 100 shares of IBM, IBM isn’t going to let you come in and look at the books. You’re required to rely on the board to select auditors who will do that for you. And when the auditors fail, the consequences are severe. Companies, like Enron, Worldcom, and Sunbeam, can commit fraud because their auditors are failing to do the job they’re hired to do.

Now lets take a look at Riggs bank. To the best of my knowledge, no one is accusing Riggs of violating fiduciary duties. In fact, I can’t recall a bank breaching their fiduciary duties lately. What Riggs is accused of doing is failing to file forms under the BSA. Even if the BSA was good law, this would not be in the class of Andersen’s failings. BSA isn’t even good law.

I say that not (even) from a privacy perspective, but from the perspective of someone who tried to help customers implement it. When I was a consultant, I worked with a number of banks who were concerned about compliance. We sweated over what words in the law meant. There were some obvious cases: If someone was on the OFAC list of bad people, they shouldn’t be allowed to do things. But what was ‘suspicious’ behavior over the internet? What set of behaviors should cause us to file reports? There were no clear answers. The answers that we, like most banks, came to, was to toss customer privacy to the wind, and file forms often. And now, banks are concerned about compliance costs. These costs aren’t really paid by banks; they’re paid by bank customers in the form of higher fees and interest payments on loans.

There’s a way in which these bank regulations are like the drug war: The laws that Congress passes are ineffective, but all Congress can really do is pass laws, and so they pass more and more laws, imposing higher and higher costs, without ever really having any effect on terrorist finance or money laundering or drug dealers.

Riggs failed to comply with the law, and is paying a high cost. But if they had complied, spirit and letter, would the world be a better place? I don’t think so. And in that, they are very, very different from Arthur Andersen.

Small Bits of Chaos: Taxes, Orientation, Liberty, Fraudulent Licenses

Scrivner writes about the perverse nature of the AMT.

Chuck Spinney at D-N-I asks “Is America Inside Its Own OODA Loop?” The article contains some very clear writing on the meaning of orientation, and applies that idea:

He showed why the most dangerous internal state of an OODA loop occurs when the Orientation process becomes so powerful that it force fits the organism’s observations into fitting a preconceived template, even when those observations threaten the relevance of that template.

Europhobia has a great rant on the UK’s approach to liberty:

Yep, having been told by the Law Lords that the detention without trial of foreign terror suspects is illegal, Clarke has interpreted their ruling in such a way as to justify the adoption of a truly wonderfully Stalinist policy. Because, hey – what the Law Lords were obviously objecting to most of all was the discrimination, right? So if you end the discrimination it’ll all be fine!

Too bad his trackbacks are broken. ( trackback:ping="<$BlogItemNumber$>)

Finally, Newsday has a long article on fraudulent issue of drivers licenses. (My thoughts are in my talk “Identity and Economics: Terrorism and Privacy.” Short form: As long as there’s a huge market demand for ID cards, and most of the people getting them are chasing the American dream, the market will connect buyers and sellers. If we want ID cards to be resilient, we need to reduce the demand for them.

Ben Rothke on Best Practices

Best practices look at what everyone else is doing, crunch numbers—and come up with what everyone else is doing. Using the same method, one would conclude that best practices for nutrition mandates a diet high in fat, cholesterol and sugar, with the average male being 35 pounds overweight.

Writes Ben Rothke in a short, incisive article for eweek. Go read it now.