Nick Szabo is on a Roll

When I started blogging, I wanted to say one interesting and insightful thing per day. I still do, and so say several things in the hopes that one of them is interesting. Nick Szabo, on the other hand, has apparently been storing them up, and is on a roll lately:

“Book consciousness,” on the effects of the rise of the printing press, “Charters and judicial review,” on the history of English law, and “Conservation of rights.”

Breach numbers

I just got a response from North Carolina to my freedom of information request, asking for records pertaining to security breaches resulting in the exposure of personal information. North Carolina requires that such breaches be reported centrally.
The data were sent in printed form, in a table obviously derived from a spreadsheet. I hope to obtain that spreadsheet when I call tomorrow, but for now, here’s what I have:
The date range is December 19, 2005 through July 21, 2006.
There are 41 incidents, totaling 231,373 North Carolina records.
By comparison, New York provided me with information on 29 incidents from December 15, 2005 through approximately March 10, 2006, exposing 217,795 New York records.
Let’s have some fun, bearing in mind that this isn’t intended as scholarship, and I didn’t check my figures:
Incidents per day (NY/NC): .34/.19
Exposed records per day (NY/NC): 2562/1081
Now if we normalize that last, by taking into account state population:
2562/(1081*2.3) = 1.03
Now that is a cool result (even if it is a coincidence!) ;^)
[Updated 8/22 to clarify what kind of info this is. Thanks, Ian!]

AOL data release fallout

AOL’s CTO has “decided to leave” the company, “effective immediately”, according to an email message sent to remaining employees by CEO Jon Miller.
Additionally, CNet news reports that the researcher who posted the data, and the researcher’s supervisor (a direct report of ex-CTO Maureen Govern) have been fired.

Identity 2.1

Dave Weinberger absolutely nails why I worry about the whole Identity 2.0 plan, in “Anonymity as the default, and why digital ID should be a solution, not a platform.” If you know what Identity 2.0 means, you owe it to yourself to read this post. If you build Identity 2.0 platforms/solutions/best-of-breeds, you owe it to us to explain why he’s wrong.

I have confidence that the people designing these systems are going to create the right software defaults. The people I know firsthand in this are privacy fanatics and insistent that individuals be in control of their data. This is a huge and welcome shift from where digital ID was headed just a few years ago. We all ought to sigh in relief that these folks are on the job.

But, once these systems are in place, vendors of every sort will of course require strong ID from us. If I want to buy from, say, Amazon, they are likely to require me to register with some ID system and authenticate myself to them…far more strongly and securely than I do when I pay with a credit card in my local bookstore. Of course, I don’t have to shop at Amazon. But why won’t B&N make the same demand? And Powells? And then will come the blogs that demand I join an ID system in order to leave a comment. How long before I say, “Oh, to hell with it,” and give in? And then I’ve flipped my default. Rather than being relatively anonymous, I will assume I’m relatively identified.

Nothing To Fear Except Fear Itself

Last night, passengers on a Malaga-Manchester flight misbehaved until the airline took two “Asian” men off the flight. See “Mutiny as passengers refuse to fly until Asians are removed” in the Daily Mail.

For me, this raises a number of questions, in no particular order: Why weren’t the unruly passengers arrested? Who was forcing them to get on the plane? Who cares if they refuse to fly? Is this the future of security? Why do passengers feel this sort of fear, anyway? From the article:

“While we were waiting, everyone agreed the men looked dodgy. Some passengers were very panicky and in tears. There was a lot of talking about terrorists.”

Patrick Mercer, the Tory Homeland Security spokesman, said last night: “This is a victory for terrorists. These people on the flight have been terrorised into behaving irrationally.

This is true. So, Mr. Mercer, who’s been terrorizing them, if not your government? [Update: Roger politely pointed out in a comment that Mr. Mercer is part of the loyal opposition, not part of the Labour Party. Which makes this rhetoric a lot less interesting.] Who shot Jean Charles de Menezes in a bit of panic? Who trumpets the need to “make sacrifices” for our security? Who has utterly lost the trust of the public?

Labour has brought us here, in collaboration with the current American administration. When will Tony Blair stand up and make the case against racial profiling? Will you start to lead in a useful way, or continue beating the drums for panic? [I suppose that’s up to the voters in the UK, not Mr. Mercer.]

As an aside, one other question it raised, at least for me, was “where the heck is Malaga, anyway?” Thus the map.

Biometrics Enable Guilty Men to Go Free?

Don’t miss the picture that Jerry Fishenden paints in “biometrics: enabling guilty men to go free? Further adventures from the law of unintended consequences:”

Outside, armed policemen, guard dogs and riot barriers prevent the curious crowds pushing too close. On the office rooftops – police marksmen. In the Victorian drains below the courtroom – boiler-suited bomb teams, knee deep in London’s toxic wastes.

This is a trial that must not, cannot go wrong. The media has been in a full-on, Fleet Street frenzy for months. Driven by political rhetoric, media pressure and public concern, the police and intelligence services have been running faster than they have ever run, worked harder than they have ever been worked. Dawn raids, arrests, releases. High hopes, false hopes. Trails hot and trails turned cold.

New (Oracular) Blogs

While we’re celebrating, let me tip the hat to three new bloggers:

Mary Ann Davidson has a blog, confusingly headlined “Sandra Vaz Blog (en Portuguese!)” I suspect it’s a template issue, but then again, I’ve seen Mary Ann with–oh, I shouldn’t tell you what she put on her name badge at the Exec Women’s Forum event at RSA. It was awfully funny, though. Maybe she has a picture to share? Or maybe she’s going to be posting in Portuguese.

My buddy and co-worker Cem Paya has a blog, entitled “Random Oracle.” He’s got some great bits on cookies and privacy up right now.

And finally, Marty Roesch of Sourcefire has started blogging at “Security Sauce.” He’s got a great post on airport security throughput, “Airport Security: Meatspace Intrusion Detection.” I can’t figure out a way to call Marty oracular. Perhaps it’s when Snort issues messages saying “If you let this packet through, a great buffer shall be destroyed?”

I was going to find a birthday cake with three candles, but how can I pass on such a cute 7 year old…especially if she’s named Delphi?

Happy Birthday to Us!


Emergent Chaos was launched two years ago today. My very first post was “Why Did Google Pop.”
I could go through and talk about my favorite posts, but I’m more interested in your favorites.

In the 2 years of operation, we’ve averaged just over 2.5 posts per day, and I think we’ve only been silent on 2 or 3 days. We’ve averaged just over π comments per day, or 1.2 comments per post.

Dell Batteries and Privacy?

Kip Esquire has a blog post about liabilities and restatements and product liabilities with an interesting twist for the capture-everything crowd:

As for the costs of warning: How geographically diverse are the customers? How easy or difficult would it be to communicate the warning — would a press release be sufficient? Is the product likely to have been resold? And, almost uniquely relevant to Dell, does the manufacturer have a customer database?

There’s an emergent trend of the accumulation of data causing chaos. I’m sure Dell and Sony would have preferred not to own up to this, but the ability to contact customers cheaply cuts two ways.

For more on how common this is, see Bob Sullivan’s “Exploding Gadgets– it’s not just Dell.” The article lays out how many products have similar risk, which makes Dell’s actions all the more striking.

(Kip’s article is Kip Esquire, “Have you Tried Rebooting?,” and the photo is from the Sydney Morning Herald.)

Ruling issued in NSA wiretap case

The Permanent Injunction of the TSP requested by Plaintiffs is granted inasmuch as each of the factors required to be met to sustain such an injunction have undisputedly been met. The irreparable injury necessary to warrant injunctive relief is clear, as the First and Fourth Amendment rights of Plaintiffs are violated by the TSP. See Dombrowski v. Pfister, 380 U.S. 479 (1965). The irreparable injury conversely sustained by Defendants under this injunction may be rectified by compliance with our Constitution and/or statutory law, as amended if necessary. Plaintiffs have prevailed, and the public interest is clear, in this matter. It is the upholding of our Constitution.

ACLU v. NSA ruling
Note: “TSP” refers to the secret NSA program, as explained in the ruling.

New Security Measures: Effective, Non-intrusive

Or not.

The BBC reports that “10,000 bags misplaced at airports,” and a “Boy boards [a] plane without tickets (sic).”

Meanwhile, here at home, we have a program that engages in behavioral profiling in some airports. How effective is it? The New York Times reports in “Faces, Too, Are Searched at U.S. Airports:”

In nine months — a period in which about seven million people have flown out of Dulles — several hundred people have been referred for intense screening, and about 50 have been turned over to the police for follow-up questioning, said John F. Lenihan, the transportation agency’s security director at Dulles.

Of those, half a dozen have faced charges or other law enforcement follow-up…

So let’s see. Six out of “several hundred.” I make “several” to be from 2 to 5. So that’s between .6% and 3% of the people these dedicated officers choose to interview end up being arrest-worthy. Now, estimates are there are roughly 10-15 million illegal immigrants. 10 million out of 300 million? 3%. So we would do no worse, and perhaps better, pulling people off the street at random, and violating their right to be left alone.

The evil clown shown here is not an airline security official, but SmokingClown4 by FaceIt, from Flickr.