Bluetooth vs Infrared

John Early has an interesting editorial over at Computer Weekly, “Infrared meets speed and security needs”:

Famously associated with applications such as personal digital assistant to laptop synchronisation, PDA business card exchange and short-haul mobile phone data transfer; IRDA, with its short range and relatively low 4mbps throughput, was understandably discounted by the IT community as irrelevant for WLan application.

Infrared has squared up to recent competition from Bluetooth, an alternative radio frequency communications standard designed to support similar connectivity to IRDA. Simple set-up and good reliability initially secured IRDA’s popularity over Bluetooth. More recently, questions about Bluetooth’s inherent insecurity have reinforced IRDA’s popularity.

He doesn’t mention that it’s easy to make IR connections directional (actually, it’s hard to make them omnidirectional), which is very useful for some applications.

The right architecture makes security much easier. The use of RFID in passports will always be a problem in search of a solution, adding to the cost and risks for a use case that’s unclear. Using IR to link local devices is a win because it aligns the security properties that people expect (that walls block things) with the reality.

(Via InfoSec News.)

Choicepoint Roundup

  • Household Watch has a story:

    When Ms. Marshall got a $6,000 home-improvement loan from a credit union in April 2003, she had to pay relatively high interest because of a weak credit score. The credit check had showed a court ruling ordering her to pay overdue rent to a former landlord in a Washington, D.C., suburb. But the judgment had been caused by a court error and vacated by a judge – facts that didn’t make it into her credit history. It turned out that a ChoicePoint contractor at a courthouse hadn’t properly updated the file, and that Equifax, the credit bureau, purchased the erroneous entry from ChoicePoint.

    Unfortunately, the suit was thrown out after the errors were fixed. That sort of decision encourages these companies to be sloppy with their data gathering processes. Data processing professionals used to say “Garbage in, garbage out.”

  • The LA Times has an article, “ID Theft Coverage Draws Criticism.”
  • Finally, it’s been too long, but today Two Minutes Hate comes to you from…The San Jose Mercury News, who says that “Thieves go where the data is — while Congress just fiddles.” (Ironic for a company that insists on collecting data from you, or really, from Bugmenot.)

Choicepoint vs CIA

The New York Times has a long article on the successors to Air America, “C.I.A. Expanding Terror Battle Under Guise of Charter Flights.” The bit that really caught my attention was:

On closer examination, however, it becomes clear that those companies appear to have no premises, only post office boxes or addresses in care of lawyers’ offices. Their officers and directors, listed in state corporate databases, seem to have been invented. A search of public records for ordinary identifying information about the officers – addresses, phone numbers, house purchases, and so on – comes up with only post office boxes in Virginia, Maryland and Washington, D.C.

But whoever created the companies used some of the same post office box addresses and the same apparently fictitious officers for two or more of the companies. One of those seeming ghost executives, Philip P. Quincannon, for instance, is listed as an officer of Premier Executive Transport Services and Crowell Aviation Technologies, both listed to the same Massachusetts address, as well as Stevens Express Leasing in Tennessee.

No one by that name can be found in any public record other than post office boxes in Washington and Dunn Loring, Va.

In the past, the FBI could set up undercover agents, or those in the witness protection program, by talking to “the big three” credit agencies. If the CIA needed cover identities, they could do the same.

But today, “thanks” to the profusion of businesses dedicated to bringing public records access to everyone, these techniques no longer work. You can’t ask three patriotic businesses to help you; you’d need to give a list of identities to create to tens? hundreds? of businesses. I expect that the CIA believes at least one of those businesses is a front for Al Qaeda, and thus that handing out a list of covert officers is inconceivable.

Just another way in which privacy helps security.

The FBI Goes Undercover

The New York Times is reporting on a number of undercover investigations that have led to charges against people accused of helping or trying to help terrorists, in “Trying to Thwart Possible Terrorists Quickly, F.B.I. Agents Are Often Playing Them.”

The use of undercover agents is an excellent move by the FBI, and should be applauded for two reasons. First, it focuses investigation on techniques the FBI is good at, not on unworkable and controversial data mining and privacy invasions. Second, it raises the cost of acting as a terrorist sympathizer by forcing them to ask “Is this real or a sting?”

There are important questions of entrapment, but in this case:

So when the supposed terrorists sought to have Mr. Grecula build them a bomb that he said could wipe out everything within 3,000 feet, he did not flinch, prosecutors said. “Of course, I don’t like how y’all are killing Americans, but America has asked for it,” he said, according to a court transcript. “They want a war, they got it.”

Oversight of these operations is crucial to avoid disrupting peaceful groups (a la CoIntelPro or CISPES). We can hope that a desire to avoid another massive attack will be strong enough to overcome the FBI’s habit of letting these operations go astray.

Privacy and Courage


I met Hossein Derakhshan at Blognashville. He and I respectfully disagree about the value of privacy to bloggers in oppressive regimes. He points out (correctly) that a blogger who has the courage to use his or her own name gains credibility. While I don’t disagree, I think there are people out there who don’t blog because of the risk. And I’d like to help them.

But there’s a whole next level of courage, and that’s when a critic of a regime goes home to cover events. And as Wired News points out:

Soon he hopes to head back to Iran. On June 17, Iranians will go to the polls to elect a president. Derakhshan wants to be there to post reports on his blog, Editor: Myself (www.hoder.com). “I have this little window where I can go home,” he says, eyeing the retro-punks squeezing past the table on their way to the bar. “But it will still be very dangerous for me. On one hand, Iran will be on its best behavior because of all the foreign press covering the election. On the other hand, all it would take is one week of torture to give me years of nightmares.”

So, Hossein, my hat’s off to you, and I wish you an enjoyable and safe journey, and an uneventful flight home.

Speaking of Usability: Privacy and Openness

Jon Mills, who has been heading up Florida’s Committee on Privacy and Court Records, has an article in the HeraldTribune:

How do we balance the competing values of privacy and openness? The Internet makes possible greater openness, so indispensable to good government, and allows for greater convenience in accessing government services, including court records. However, such technology also places the privacy of Floridians at risk.

At the end of the article, he invites public comment at the Florida Courts website. The draft report was a bit hard to find (73-page PDF).

There’s a tough balance to maintain; what records are private? What information do you need to disclose to the courts? Should the Choicepoints of the world have unfettered access to that data?

If someone files a restraining order against an ex, do they have to disclose an address? If so, should that address, provided to the courts out of fear for one’s life, be made available to anyone who shows up at the courthouse?

Speaking of public records, The Virginia Watchdog does a great job of showing how much private information is available to anyone on the web.

Usability Testing

[Image: ok-cancel-cancel.png]

Nat Friedman has a good post on usability testing:

Over the last several months we at Novell have sent a team of people around the world with a portable usability testing lab…
It is amazing to watch the ways that people fall on their face. We’ve all read about the benefits of usability testing, but until you actually try to sit still through two hours of these videos, it isn’t a visceral experience for you. It is exciting, and totally emotionally exhausting. You squirm. And it focuses you like a laser.

For example, we asked a lady to send mail to a friend. Against all odds, she started Evolution (nothing in the menus indicates that it’s a mail program; something we hadn’t realized before but which was immediately obvious after watching her stalk one-by-one through the menu items muttering to herself along the way).

The correct next step would have been for her to click on the “New” button that’s in the upper-left-hand corner of the window. This button didn’t even register for her, however. Instead, because she wanted to “send” a mail, she clicked repeatedly on the “Send” part of the “Send / Receive” button just to the right. For about a minute.

The lovely dialog box is not from Nat’s testing, but from SunTrust’s Internet Banking Help pages. The very smart people over at Apple solved this by saying that dialog boxes should contain verbs, and maybe extra descriptive words. Perhaps “Cancel Payment” and “Don’t Cancel Payment” would make for fine buttons. Nah. Then what would the help desk people do?

(Speaking of usability, why can’t I just drag and drop an image into MarsEdit?)

“Non”

The French have apparently rejected the EU Constitution. With 83% of the votes counted, it’s 57% Non, according to ABC News.

The draft constitution was, from my perspective, the worst of the new Europe: Opaque, complex and undemocratic. We can hope that new blood in the EU will press for a simpler, more transparent, and more responsive new constitution.

Of course, it’s also possible that France will simply ask its citizens to vote again and again until they get it right, or maybe they’ll buy voting machines from Diebold, which contain features to prevent this sort of embarrassing problem.

French Elections

You might not know it if you read only the American press, but the French voted today in a referendum on the European Union’s proposed Constitution. It’s an awful document, and the French are expected to reject it, plunging the EU into crisis, and leading to the Chancellor being made Emperor.

If the EU would like to roll ahead with a new constitution, we have a perfectly fine one that addresses a great many of the issues they’re fighting over. It’s time-tested, and we’re not using it out of copyright.

Social Security

I try to stay out of debates that have devolved into the red and blue halves of the Demopublican party screaming soundbites at each other. The party hopes that the American people won’t notice that they’re the same if they yell and scream a lot, and I try not to play their game.

C. Eugene Steuerle also declines to play their game, but he does it by actually sitting down and analyzing the social security issue, in depth. Scrivener describes him:

Steuerle is an economist who served in the Treasury for both Republican and Democratic administrations, and played a significant role in putting together the Tax Reform of 1986, which bi-partisanly lowered tax rates and broadened the tax base — the best tax law this country has seen in generations, and one that Congress has been hacking away at ever since.

As Scrivener says, his testimony before the House Ways and Means committee is hard to excerpt effectively. Read it. Then ask yourself, why is this sort of thing rare?