I’m very excited to discover that my friend Zach Brown is blogging again. Zach was one of a group of friends who introduced me to blogs in, maybe late ’99? Early 2000? He’d been on hiatus, and I’m glad he’s back. But I realized that my excitement felt a little odd, and so I’ve been thinking about it.
About a year ago, I actually read Alvin Toffler’s Future Shock, which is a classic in the sense that everyone pretends to have read it. One of the themes that resonates with me is the psychological impact of repeatedly changing jobs and cities, in leaving people with a lack of grounding in the place they live. Toffler discusses professionals who are more in touch with, and at home with, a distributed network of professional colleagues who they see at conferences than they are with their neighbors.
He also discusses the difficulties involved in staying in touch with increasingly scattered groups of friends, when the things we do to stay friends are harder to accomplish as it becomes hard to coordinate a group of friends to be in the same place at the same time.
I suspect that deep down, the psychological benefits of physical proximity for relationship management help people trump the awful commutes, taxes, and other disadvantages of living in Silicon Valley.
I can’t help but mention that Chris Allen has been writing quite insightfully about these issues in posts like “Dunbar Triage: Too Many Connections.”
Arriving here, I’m forced to examine my excitement that Zach is blogging again. On the one hand, I am genuinely happy to have insight, however small, into his life. At the same time, I miss having dinner with him and others whose company I enjoyed in Montreal.
PS: I’ve discovered that an acquaintance has set up an Amazon Associates account to contribute to my Alma Mater. Does anyone know how I can construct book URLs so that they take advantage of that account?
Mayor Potter, a former Portland police chief, earlier this year requested that the federal government grant him, the police chief and the city attorney top-secret security clearance — the same as task force officers — so that city leaders could have access to case files and more frequent updates. Potter said he wanted the ability to monitor investigative activities involving the city’s officers in order to make sure they obeyed state laws barring them from monitoring people solely because of their religious or political beliefs.
This case raises major issues of democracy. If the people of Portland have seen fit to elect Mr. Potter Mayor, what gives the FBI the right to say he can’t do his job, which includes overseeing his employees?
(“Portland, FBI Unit to Part Ways” in the LA Times, via CSO Magazine “Security Feed.” Badge from the impressive police badges collection at http://namtiti.free.fr/.)
As the trust and reliance people place in drivers licenses grows, so does the incentive to get fraudulently issued ones. FoxNews reports on “Workers Charged With Taking Payoffs for IDs” (via JihadWatch.)
“With a valid driver’s license, you establish an identity,” said Michael Garcia, assistant secretary of the Homeland Security Department.
The three Florida driver’s license examiners charged between $100 and $200 to falsely certify U.S. citizenship for the illegal immigrants, authorities said. Five accomplices recruited immigrants for up to $3,000 per license, officials said.
I have three comments: Firstly, I have an identity. Mr. Garcia demonstrates the stunningly introverted view of too many in law enforcement, that my identity stems from my documents, my existence in their databases, or the ability of those we used to call ‘civil servants’ to check my papers. My identity stems from me, not my papers.
Secondly, at $100 per false certification, it seems that there’s quite a supply of folks willing to wink and nod.
Finally, when the facilitators are making $3,000 and $200 is going to the fellow behind the counter, it becomes more clear why some people work for the state and others are entrepreneurs.
I’ve previously touched on this in posts like “‘Economics of Fake IDs’, More on Nevada DMV” (about the truck crashing through the wall), or “SSNs and Drivers Licenses,” as well as a talk I gave at the Blackhat briefings, “Identity and Economics: Terrorism and Privacy.”
Since ChoicePoint demonstrated that screening is hard, they’ve been repeating the phrase “We look forward to a national debate.” But at yesterday’s annual meeting, they once again failed to engage in that debate. The LA Times has an AP story “No Answers for ChoicePoint Shareholders” (Bugmenot, because no other paper has picked up the story, according to Google News.)
Or, The Atlanta Journal Constitution, “ChoicePoint boss deflects scam queries.” (Bugmenot)
In a quick and scripted annual shareholder meeting, ChoicePoint executives turned away any questions about the invasion of the company’s database by fraud artists.
But Smith said that because of investigations into the database scam, “we will not be taking questions relating to those matters in this annual meeting.”
It seems to me that understanding how management is handling these issues would be important to a shareholder.
But today, the chairman and chief executive of Alpharetta-based ChoicePoint is likely to get a feel for his standing on a smaller stage: whether he is held in esteem by ChoicePoint shareholders.
Lauren Waits, who oversaw ChoicePoint’s charitable giving program before leaving earlier this year, describes her former boss as a visionary who also can be intense and “quite hard on other people.” He has been impatient for government to act on ideas, such as storing DNA profiles on all felons in a central database that could be used to catch repeat offenders.
But the most difficult thing for ChoicePoint’s CEO hasn’t been the criticism or a grilling before Congress, said Rod Dowling, an investment banker who has worked with ChoicePoint. What Dowling said got to Smith most in the wake of the scam was that an Atlanta publication, Creative Loafing, published his home phone number and address.
That’s just a smidgen of the kind of information ChoicePoint supplies to clients every day. But Smith worried about his family’s safety and quickly changed his phone number, said Dowling, CEO of SunTrust Robinson Humphrey.
If only we could do the same when our data gets into untrustworthy hands.
From the Atlanta Journal Constitution, “Embattled CEO must take stage.”
In “Proposed Legislation Limiting PI Access to Data,” Private Investigator News and Information provides the National Council of Investigation and Security Services’s roundup of legislation that would affect the private investigator business.
Naturally, the private investigators are up in arms; their job is about to be made a lot harder over something that wasn’t their fault.
1386 provides a huge incentive for companies to secure their systems, without restricting or constraining the way in which they should do so, leaving companies to choose the most effective way. This encourages innovation in defense, because should new, more effective defense strategies become available, companies are more likely to adopt them, whereas if they are restricted to using specific technologies and practices, they won’t be able to take advantage of new developments.
So, having said all that, my suggestion to the credit card companies would be to impose heavy penalties on merchants that get compromised, but not to specify what exactly those merchants should do to make themselves secure. And to offset the impact of losses, they should continue to incorporate the notion of quarterly scans by independent assessors, which is one of the few good things about the PCI Data Security Standard.
So writes Steven Hofmeyr in “The effect of legislation.” I’m in general agreement. I suspect that the 12 step programs being promoted by Visa and Mastercard are there because of demands from their smaller customers. Even larger customers would like to constrain their investment, by being told when they can stop spending on security to avoid fines from Visa or Mastercard.
A former employee of a Blockbuster video store in Washington, D.C., has been indicted on charges of stealing customers’ identities, then using them to buy more than $117,000 in trips, electronics and other goods. Miles N. Holloman is charged with stealing credit card numbers, Social Security numbers and other private financial information from the application files of 65 customers, then using the data to open retail store and credit card accounts.
(From The Washington Post, via Privacy.org.)
“The State Department seems to be putting down the purple Kool-Aid and looking at the serious problem this technology presents,” said Mr. Scannell, who runs an Internet site called RFIDKills.com; the first part of the name stands for radio frequency identification chips. “But no matter how much stuff you layer on the technology, it is still inappropriate.”
So says the New York Times, in “Bowing to Critics, U.S. to Alter Design of Electronic Passports.” So raise a glass and celebrate victory!
(Of course, these programs have a bad habit of coming back if we stop watching closely.)
“AML software will change international banking forever,” said Suheim Sheikh of SDG Software, an Indian software firm hoping to tap into the big new market.
“Governments across the world will have their eyes on bank customers,” he added. “Since the software can monitor so many accounts, so many transactions, all kinds of people will be scrutinized, even those who in theory are just regular people. By default, not just money laundering but anything that violates the law, like tax evasion, will be hard to hide.”
“Any unexplained deposit will get you calls from the bank or the authorities, and you better have the correct answers,” said Cherian Varghese, chairman of Union Bank of India.
“It will study the profiles of other engineers in the same age group and build a pattern based on common traits like, say, the monthly periodicity of salary,” said Tripathi. “If another customer comes along, says he is an engineer and receives deposits every week, the software will raise what we call a red flag. He is suspect.”
(From “Your Money Under More Scrutiny” in Wired News.)
“I, for one, welcome our new robot masters.” I hear saying that a lot gets you out of trouble for having a weekly paycheck.
Is this really the sort of world in which we want to live? One in which banks waste money nosing into your business, while ignoring the criminals who will take pains to hide their activity? Where using a bank is as pleasant as getting on an airplane?
Building new technologies involves making tradeoffs. A programmer can only develop so many features in a day. These tradeoffs are particularly hard in building privacy enhancing technologies. As we work to make them more secure, we often want to show the user more information to help them make better decisions. This impacts usability. The security of network anonymity systems like the Freedom Network or TOR depends on routing traffic through several nodes. Even if processing on the node is close to instantaneous, the transit between them is not. Security of these networks gets better the more latency you’re willing to tolerate. That latency makes it harder to be sure your message is getting through, and it can make it impossible to do things like browse the web.
These usability concerns can keep users away from the system. When the system doesn’t have lots of users, it is less secure. In “Anonymous blogging made simple,” Justin Mason writes:
Now, quinn at ambiguous.org quotes a review of EFF’s recent ‘anonymous blogging’ guidelines, which largely comes up with one conclusion: it’s a usability nightmare. The problem is, the EFF report recommends using invisiblog.com, which in turn uses the Mixmaster remailers. Those things are awful, and I doubt anyone but their authors could possibly know how to use them 😉
I am quite sympathetic to these concerns. But I’m forced to question Justin’s claims that Tor is substantially more understandable. Understanding Tor, and why it helps protect you, is hard enough. (Actually, Ethan Zuckerman agrees on usability, but disagrees on Tor, but Ethan is a smart, technically savvy guy who uses PGP, not a dissident.) My experience trying to explain the difference between no hop, one hop, and three hop systems while at Zero-Knowledge Systems taught me that it’s really, really challenging to bring people up to speed on how networks work well enough that they can understand monitoring. It’s then again challenging to bring them up to speed on Mixes enough that they understand how to distinguish the different systems. Maybe there’s a different route to take, but understanding the problem, and how to address it, seems like the right approach.
 Technically, pooling and mixing give you that security, and latency is irrelevant. Because that latency is the price you pay for security, and it is user-visible, I pretend it’s what counts.
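The pooling-versus-latency tradeoff in the note above, as an added example (not code from Tor, Mixmaster or the Freedom Network): a simulated threshold mix that holds messages until a batch is full, then flushes them in shuffled order. The threshold-mix model, the evenly spaced arrival schedule and all function names are assumptions chosen for illustration.

```python
import math
import random

def threshold_mix(arrivals, threshold, rng):
    """Hold messages until `threshold` have arrived, then flush the whole
    batch in shuffled order.
    arrivals: list of (arrival_time, msg_id), sorted by time.
    Returns (flush_time, msg_id, arrival_time) for every delivered message."""
    delivered, pool = [], []
    for t, msg in arrivals:
        pool.append((t, msg))
        if len(pool) == threshold:
            rng.shuffle(pool)  # output order no longer reveals input order
            delivered.extend((t, m, arrived) for arrived, m in pool)
            pool = []
    # Anything still in `pool` is stuck: a quiet mix never flushes, which
    # is the usability cost of waiting for cover traffic.
    return delivered

def mean_latency(delivered):
    """Average time a delivered message spent waiting inside the mix."""
    return sum(flush - arrived for flush, _, arrived in delivered) / len(delivered)

def anonymity_bits(threshold):
    """Entropy of the sender, as seen by an observer watching one flush:
    each output is equally likely to be any of the batch's inputs."""
    return math.log2(threshold)

def sweep(thresholds, n_msgs=64, interval=1.0, seed=0):
    """Return (threshold, anonymity bits, mean latency) per threshold."""
    # Constructed input: one message every `interval` seconds.
    arrivals = [(i * interval, i) for i in range(n_msgs)]
    rows = []
    for n in thresholds:
        delivered = threshold_mix(arrivals, n, random.Random(seed))
        rows.append((n, anonymity_bits(n), mean_latency(delivered)))
    return rows

if __name__ == "__main__":
    for n, bits, delay in sweep([1, 4, 16]):
        print(f"batch={n:2d}  anonymity={bits:.1f} bits  mean delay={delay:.1f}s")
```

Each extra bit of sender anonymity requires doubling the batch, so the wait grows roughly exponentially in the anonymity gained, and it grows further when fewer people use the mix.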
Time Magazine reports:
The State Department has traditionally put together a list of industry representatives for these [Inter-American Telecommunication Commission] meetings, and anyone in the U.S. telecom industry who had the requisite expertise and wanted to go was generally given a slot, say past participants. Only after the start of Bush’s second term did a political litmus test emerge, industry sources say. The White House admits as much: “We wanted people who would represent the Administration positively, and–call us nutty–it seemed like those who wanted to kick this Administration out of town last November would have some difficulty doing that,” says White House spokesman Trent Duffy. Those barred from the trip include employees of Qualcomm and Nokia, two of the largest telecom firms operating in the U.S., as well as Ibiquity, a digital-radio-technology company in Columbia, Md. One nixed participant, who has been to many of these telecom meetings and who wants to remain anonymous, gave just $250 to the Democratic Party. (Emphasis added.)
It’s a little late for that, traitor-boy. Next time, protect your privacy before doing something crazy like contributing money to a political party. (Via Farber’s IP.)