Laptops and border crossings

The New York Times has, in an editorial, “The Government and Your Laptop,” a plea for Congress to pass a law to ensure that laptops (along with phones, etc.) are not seized at borders without reasonable suspicion.

They have the interesting statistic that in a survey by the Association of Corporate Travel Executives, 7 of 100 respondents reported a laptop or other electronic device seized. Of course, this indicates a problem with metrics. It almost certainly does not mean a 7% seizure rate, as I’ve seen this inflated to. These seizures are such an outrageous thing that the people who have been subjected to them are properly and justifiably outraged. They’re not going to toss the survey in the trash.

I’m not sure how much I like the idea that Congress should pass a law to ensure that the fourth amendment is met. Part of me grits my teeth, as I think it should happen on its own. But if the courts aren’t going to agree, that probably has to happen.

Leveraging Public Data For Competitive Purposes

The Freakonomics blog pretty much says it all:

The latest:, the brainchild of brothers Ryan and David Petersen, with Michael Kanko. They exploit customs reporting obligations and Freedom of Information requests to organize and publish — in real-time — the contents of every shipping container entering the United States.
There’s a neat ticker on the bottom of their page showing a trickle of these data. Watch it for a few minutes: it’s mesmerizing and provides a sometimes beautiful window into the wonders of international trade.

Talk about a not-so-covert channel leaking what your business is up to on a daily basis. What the Petersens and Kanko are onto is yet another unintended consequence of globalization. It makes me wonder what other sources like this are out there and accessible via the Freedom of Information Act. Similarly, as one commenter on the above article asked, how soon before people try to game the system:

I wonder if something like this will lead to a rise in ‘creative’ customs declarations. Say a proxy company to take that new shipment of 22,000 digital thingies that are then immediately sold to Apple and thus mitigating the chances of someone predicting the street date of their latest offering

The Recent History of the Future of Cash

Dave Birch has a really interesting post about The future of the future of cash:

The report also identifies three key attributes of cash that make it — still — the dominant payment system. Universality, trust and anonymity. I’m curious about the location of anonymity in the customer mindset and I’m going to post some more about this shortly, so I’m only looking at the first two here.

I want to extend Dave’s assessment of what makes “trust” interesting:

Trust, on the other hand, may not be such a big barrier. It’s not clear to me how to disentangle trust in the medium of exchange from trust in the store of value, since people clearly use cash for both, but it is clear that a great many other tradable items can easily usurp cash once technology has acted to shift them from being a store of value into a viable medium of exchange (remember the tally sticks!) for their age. A couple of months ago we were discussing Nick Szabo’s classification of commodity derivatives as a kind of near-money, but there are plenty of extant near-monies already in use around the world, including mobile phone minutes in a great many developing countries. If I lived in Zimbabwe, it would take me years to learn to trust cash more than Vodafone minutes.

I think there’s an important element of trust missing, which is finality. With almost all computer-based systems, payments are conditional on some complex bureaucracy deciding to credit them. For example, see Gary Leff on some deal for frequent flyer miles:

Second, print everything and I mean everything. I printed the offer itself. I printed the page where I enter all the information about the rental (including my Skymiles number, etc). I printed the confirmation page. I’m saving all of those, and will save my rental receipt as well.

Why does he do this? Because he doesn’t trust the system. He’s prepping himself to go fight its decisions. In contrast, if they handed him a bearer certificate for 9,999 miles, or $200 cash (the rough value of the miles at $.02 per) he’d be done. He’d trust those things.

People used to sell things for cash on the barrelhead. When that cash was cold, hard cash, rather than fiat, print-it-yourself money, the deal was done when the money changed hands. You can’t lose any more than you have in your pocket (or under your mattress). Electronic systems don’t have that property, and that makes them harder to trust. You don’t just have to disentangle value-store from medium of exchange. You have to estimate the value of finality.

Massive Coordinated Vendor Patch For DNS

Dan “Doxpara” Kaminsky today released information about a fundamental design flaw in the architecture of DNS which, if properly exploited, would allow a malicious party to impersonate any website they wanted to. This issue affects every single version of DNS. The flaw primarily affects the DNS server, but it can also affect clients in certain scenarios. Patches are available or will be available soon from Microsoft, Sun, ISC and Cisco, to name just a few. Due to the potential risks of this vulnerability, details of the vulnerability are not currently being released. In order to allow users time to patch, Dan will not release full details until Blackhat 2008. What I do know at this point is that the flaw allows a malicious party to poison DNS caches and that the fix improves the situation by increasing the level of randomness of port selection. Dan has posted a widget on this website that allows users to check and see if their DNS servers are vulnerable or not. Feel free to throw out your theories as to the actual nature of the vulnerability or your feelings on whether or not this was responsible disclosure.
[Edit: More details from ISC and Microsoft.]
[Edit2: Transaction ID (16 bits of randomness) is not random enough. The patch also adds randomness to the source port and requires that both the source port and transaction id must match for a query to be considered valid.]
[Edit3: DJBdns is in fact not affected as DJB had already implemented port randomness even though he didn’t know it was an issue.]
[Edit4: Executive Overview from securosis.]
[Edit5: More reading here via the crypto mailing list.]
[Edit6: And more reading: from djb and Paul Vixie.]
[Edit7: Matasano’s Ptacek has peeked inside the kimono and says it’s the real deal. — cw]
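The acceptance rule described in Edit2, alongside a port-randomness check of the kind the widget performs, as an added example (not code from the post, Dan Kaminsky, or any DNS vendor). The port samples, the 80% sequential-step heuristic and the 1024-65535 port pool are assumptions made for illustration.

```python
import math
from collections import Counter
from typing import NamedTuple


class Query(NamedTuple):
    src_port: int  # UDP source port the resolver sent the query from
    txid: int      # 16-bit DNS transaction ID


class Response(NamedTuple):
    dst_port: int  # port the response arrived on
    txid: int


def accept_legacy(q: Query, r: Response) -> bool:
    """Pre-patch rule: only the 16-bit transaction ID is checked."""
    return r.txid == q.txid


def accept_patched(q: Query, r: Response) -> bool:
    """Post-patch rule (Edit2): source port AND transaction ID must both match."""
    return r.dst_port == q.src_port and r.txid == q.txid


def port_behaviour(ports: list[int]) -> str:
    """Classify observed query source ports as fixed, sequential or randomized."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    if len(set(ports)) == 1:
        return "fixed"
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    step, count = Counter(steps).most_common(1)[0]
    # Heuristic (assumption): one small increment repeated in >= 80% of steps.
    if step <= 16 and count >= 0.8 * len(steps):
        return "sequential"
    return "randomized"


def guess_space_bits(behaviour: str, port_pool: int = 64512) -> float:
    """Bits a forged reply must match; port_pool (1024-65535) is an assumption."""
    extra = math.log2(port_pool) if behaviour == "randomized" else 0.0
    return 16.0 + extra  # predictable ports add nothing to the 16-bit ID


# Constructed samples of source ports seen on a resolver's outbound queries.
UNPATCHED = [32768] * 8
SEQUENTIAL = list(range(1025, 1033))
PATCHED = [50211, 1893, 44102, 27640, 61007, 9321, 38455, 15778]

if __name__ == "__main__":
    for name, ports in [("unpatched", UNPATCHED), ("sequential", SEQUENTIAL),
                        ("patched", PATCHED)]:
        kind = port_behaviour(ports)
        print(f"{name}: ports are {kind}, ~{guess_space_bits(kind):.1f} bits to match")
```

A resolver that reports "fixed" or "sequential" here is relying on the transaction ID alone and should be patched.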

Writing a book: technical tools & collaboration

When Andrew and I started writing The New School, we both lived in Atlanta, only a few miles apart. We regularly met for beer or coffee to review drafts. After I moved to Seattle, our working process changed a lot. I wanted to talk both about the tools we used, and our writing process.

We started with text editors and a subversion repository. Andrew, I think, used TextEdit, and I used emacs. This didn’t work very well, and we regularly lost check-in discipline. We also realized that we both wanted to be able to use headings, italics, and other tools that aren’t easy in text.

So we moved to LaTeX. LaTeX is a very powerful, slightly twitchy page description system that scientists use. We wrote the draft chapters we used to sell the book in LaTeX, along with the proposal. We really like those drafts, and there’s a good deal which survived, and even more that’s gone. We marked up those chapters in person, which became a lot harder when I took a job in Seattle.

As we tried to work in LaTeX, we ran into the same collaboration troubles that Baron Schwartz talked about in “What is it like to write a technical book?”* Lists of comments just didn’t cut it. We needed something more powerful.

Now, there’s a few publishers left who take three formats: LaTeX, Word, and camera-ready. (As I understand it, most only take Word.) So our choice of formats controlled our choice of software. My experience with OpenOffice is that it didn’t produce perfect Office docs. We didn’t want to take a risk that we’d be stuck in a format war with AW. So we moved to Office 2004 for the Mac, and it worked pretty well for writing and revising. Ironically, I was the one who resisted Word most strongly. I’m a real fan of simple file formats that you can read with various tools. We used iChat’s voice chat feature to talk through things, and Andrew flew up to Seattle once for a grueling-long weekend of editing.

That worked pretty well until we hit technical reviews and production. Technical reviews involved sending out the draft to a bunch of people, who then commented on it, usually using Word’s comment feature. I aggregated all those into one file, and started editing it. When we did, we ran into performance problems. A 20 page doc with 300-400 comments and edits was slow.

Fortunately, assimilation has its privileges. I was able to get us into the Office 2008 beta program, which ran almost flawlessly for us. We did the final production edits with Office 2008, iChat and one other key tool: my Brother HL5140 printer. It was a workhorse, and the huge stacks of paper that I worked with all came out of a single cartridge.

*I think that’s the right URL. He has some silly anti-spam software that can’t tell the difference between GET and POST and complains about not having a referer: header on GET.

Maryland Breach Notices

| Case Number | Date Received | Business Name | No. of MD residents | Total breach size | Information breached | How breach occurred |
| --- | --- | --- | --- | --- | --- | --- |
| 153504 | 06/09/08 | Argosy University | | | name, social security number, addresses | Laptop computer stolen from employee of SunGard Higher Education |

Maryland Information Security Breach Notices are put online by the most forward-looking Douglas F. Gansler, attorney general.

I’m glad that they list case IDs on there. We’re getting to the point, what with, Identity Theft resource center, Privacy Rights ClearingHouse, Adam Dodge, Chris Walsh, and probably others I’m forgetting, it’s like chaos out there. We need a ‘CBE’ just to help us all cross-correlate.

Via “I’ve Been Mugged.”

Freakonomics and Data

There’s a really interesting article in the New Republic, “Freaks and Geeks:”

In 2000, a Harvard professor named Caroline Hoxby discovered that streams had often formed boundaries to nineteenth-century school districts, so that cities with more streams historically had more school districts, even if some districts had later merged. The discovery allowed Hoxby to show that competition between districts improved schools. It also prompted the Harvard students to wrack their brains for more ways in which arbitrary boundaries had placed similar people in different circumstances.
…In retrospect, I have come to see this as the moment I realized economics had a cleverness problem. How was it that these students, who had arrived at the country’s premier economics department intending to solve the world’s most intractable problems–poverty, inequality, unemployment–had ended up facing off in what sometimes felt like an academic parlor game?

It’s a very interesting article on the economics of academic economics, and some of the perverse incentives which exist in the field.

Me, I look forward to the day when we have so much data that we can start looking for arbitrary differences and boundaries. I look forward to the day when security has a cleverness problem. No doubt we’ll end up calling it database pharming.

Passport-peeking probably pervasive

Back in March, we wrote about unauthorized access to Barack Obama’s passport file.
At the time, a Washington Post article quoted a State Department spokesman:

“The State Department has strict policies and controls on access to passport records by government and contract employees”

The idea was that, while snooping might occur, it would be caught by controls put in place specifically to detect accesses to the records of high-profile people.
Well, as it turns out the State Department may not be quite as good at detecting such accesses, or at following up (shocking, I know).
In a July 4 article, the Los Angeles Times reports:

A federal investigation of unauthorized snooping into government passport files has found evidence that such breaches may be far more common than previously disclosed, and the State Department inspector general is calling for an overhaul of the program’s management.
In a report issued Thursday, the inspector general found “many control weaknesses” in the department’s administration program, including what investigators said was a lack of sound policies on training staff, accessing electronic records and disciplining workers who break privacy rules.

According to the article, passport files may be viewed by over 20,000 government workers and contractors. In a sample of 150 celebrities chosen for examination by investigators, 85% had been accessed at least once. One was accessed over 100 times (!) in the last six years.
Amusingly, at a press conference held on July 4, State said that half of those who had access in March no longer have it. They also were unable to say whether spot-checks on detected accesses were taking place in the past. Put those together and you have a system where at least twice as many people have access as need it, and privileged operations are recorded but the folks in charge do not know if the audit trail is used.
The redacted report is available at the C-SPAN web site, but not at the State Department’s near as I can tell. Draw your own conclusions.

In Congress Assembled, July 4, 1776


In CONGRESS, July 4, 1776

The unanimous Declaration of the thirteen united States of America,

When in the Course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature’s God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. –That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, –That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security. —Such has been the patient sufferance of these Colonies; and such is now the necessity which constrains them to alter their former Systems of Government. The history of the present King of Great Britain [George III] is a history of repeated injuries and usurpations, all having in direct object the establishment of an absolute Tyranny over these States. To prove this, let Facts be submitted to a candid world.

On Gaming Security

Adam comments on Dave Maynor commenting on Blizzard selling authentication tokens.

Since I have the ability to comment here, I shall.

This isn’t the case of a game having better security than most banks (as Maynor says). This is a game company leaping ahead of some banks, because they realize they have bank-like security issues.

It’s been a year or so since I read on El Reg that on the black market, a credit card number sells for (as I remember) £5, but a WoW account sells for £7. I would look up the exact reference, but I’m not in the mood. Your search skills are likely as good as mine.

The exact reasons for this are a bit of a mystery, but there are some non-mysterious ones. There is a black market for WoW gold and (to a lesser extent) artifacts. That black market is shuddering because Blizzard has done a lot to crack down on it. (Blizzard’s countermeasures are one main reason that the artifact market is low. Most artifacts become bound to one character when used, and so are not transferrable and so are not salable.) Nonetheless, many WoW players have gold in their pockets that would sell for hundreds to thousands of dollars on this black market.

(If you think from this, that WoW can be a profitable hobby, think again. That many players have gold worth some real change says more about the time they have spent playing than anything else. If you live in a first-world country, you can earn far more flipping burgers than playing WoW. It is only if you are in a third-world country that WoW is a reasonable career choice.)

This means that by putting a keylogger on someone’s system, you can steal a pretty penny from them and sell it on the black market. A not-insignificant number of WoW players have logged into their accounts to find their characters naked and penniless. However, there’s an interesting twist on this. Blizzard can and does restore the lost gold and items.

Presumably, Blizzard has a transaction log and can rewind it. However, this is work for them and annoyance for the victim. Two-factor authentication will lower Blizzard’s costs but fear of robbery is high enough among the players that they’re snapping these things up and are willing to pay for them.

Bank customers rightly think that increased security is something that the bank should pay for. So in the banking world, the cost-benefit calculation of two-factor authentication is complex. In the gaming world, it’s pretty straightforward. Since Blizzard can shift the cost of the device to the customer base, it’s easier to justify.

Want Real Homeland Security?

All-around cool guy, and former provost of the University of Chicago, Geoffrey Stone (the Edward H. Levi Distinguished Service Professor at the University of Chicago Law School), in a post earlier this week, proposed that “The next president should create a brand new position, which should become a permanent part of the Executive Branch in the future: a Civil Liberties Advisor”.
Given past posts here, regular Emergent Chaos readers will hardly be surprised that I am a supporter of this proposal. While I encourage everyone to read the entire post, it’s the closing paragraph that really sums up why I think this is so important:

Of course, Civil Liberties Advisors may often lose the debate, or even be shunted aside. But sometimes they will win, and sometimes they will raise consciousness and help frame the discussion. Moreover, an administration without such a voice is much more likely to short-change civil liberties than one with such an advocate. The stakes for our nation are simply too high for us to continue to muddle along without someone in this critical position. Indeed, this idea might well give rise to a whole new meaning to the notion of Homeland Security.

And actually if you replace administration with corporation and civil liberties with customer privacy, you pretty much have the argument for why companies need (and have) privacy evangelists….
[Image is ‘Real’ Homeland Security by richdrogpa.]

On Banking Security

Dave Maynor comments:

Blizzard is going to sell a One Time Password device…Isn’t it kind of funny when an online game has better security than most banks?

Blizzard Entertainment, Inc. today introduced an optional extra layer of security for World of Warcraft®, its award-winning massively multiplayer online role-playing game. Designed to attach to a keychain, the lightweight and waterproof Blizzard® Authenticator is an electronic device that generates a six-digit security code at the press of a button. This code is unique, valid only once, and active for a limited time; it must be provided along with the account name and password when signing in to the World of Warcraft account linked to it.

Damnit, Dave, I have nothing to add to that analysis!