ID Theft Risk Scores?

A bunch of widely read people are blogging about “MyIDscore.com Offers Free ID Theft Risk Score.” That’s Brian Krebs at the Washington Post. See also Jim Harper, “My ID Score.”

First, there’s little explanation of how it’s working.

I got a 240 when I didn’t give them my SSN, and my score dropped to 40 when I submitted my SSN. [Editor's note: Huh? Giving out your SSN lowers your risk of ID theft? That seems an odd message.]

Everybody talks about identity fraud, but nobody does anything about it. This does something about it – specifically, it will help stop the worrying on the part of people who don’t need to. And it will give people who should worry a few things to do to get their situation under control. The more that can be done to demystify identity fraud, the better – and the less likely there will be unwise legislation and regulation that ultimately harm the interests of consumers.

In “What is My ID Score?” there’s some explanation:

My ID Score is a statistical score that’s based on technology currently used by leading communications, financial services, retail companies, healthcare providers, government agencies, and consumers to assess your risk of identity theft. These companies use ID Analytics’ scoring technology to ensure that fraudsters do not apply for goods and services in an innocent consumer’s name

So I think this is not really your ID theft risk, but the perception that their software has. To put it another way, it’s the trouble someone is likely to experience when they try to open a new account in the name you’re giving MyIdScore.com

When you put someone’s information in, they ask you a bunch of questions about them, like “which of these phone numbers have you used?” It’s not clear how well that works when the attackers can access the same databases through their breaches.

(This didn’t post when I wrote it, so its old news, new analysis.)

To The Moon

One of the really fascinating things about listening to the streaming audio of the first moon landing is how much time was spent debugging the spacecraft, resetting this and that.

As the memory fades away, Charlie Stross wrote about the difficulties in going back to the moon:

Not only does the cost of putting a payload into orbit increase with the cube of the payload weight — this rule holds true in the opposite direction, too. Stick a LEM on the moon and bring the contents back? Easy. Increase the mass that the LEM brings back? Very expensive — the price goes up as the sixth power of the weight you’re returning from the lunar surface (because you have to loft the heavier LEM into Earth orbit to begin with).

Identity Theft

Remember Identity Theft isn’t getting your credit card stolen, that’s fraud. Having the records that define who you are to an entire country and determine whether you can get a relatively high paying job get stolen. That’s identity theft…

Chris, I’m sorry

I hate the overuse of URL shortners like tinyurl. I like to be able to see what a link is before I click on it. I don’t like that these companies get to be yet another point of surveillance. (To be fair, tinyurl doesn’t seem to be taking advantage of that. I have cookies from tr.im and su.pr, but not TinyURL.) And so I edited your comment to replace a tinyurl with a full url, and commented that I “corrected it.”

I shouldn’t have done that, I should have just commented about it.

(If this blog was a Kindle, I’d undo it.)

The Arrest of Gates

A couple of good articles are John McWhorter’s “Gates is Right–and We’re Not Post-Racial Until He’s Wrong,” and Lowry Heussler’s “Nightmare on Ware Street.” The full police report is at “Gates police report.”

I think PHB’s comment on Michael Froomkin’s post is quite interesting:

You are all missing a rather significant fact, this is the Cambridge Police force, an organization that has a most peculiar relationship to the community it polices.

Houses in Cambridge cost a fortune, so it is not a city where cops live. So the city is a rich, liberal town policed by a conservative working class police force commuting in from other towns. You do not have to be black to have the Cambridge police act boorishly.


I am trying to avoid talking about the subject with my Cambridge friends as they all want to give their own litany of complaints.

When my apartment in Cambridge was burgled in 1999, the responding officer didn’t even want to get out of his car. When he finally did, he didn’t want to bother to physically examine anything, the one item that I pointed out had a grimy fingerprint was shattered and returned in pieces, and his report failed to document either that the front door was ripped from its hinges, or that a stack of currency from four countries had gone missing.

Sorry, PHB was trying to avoid that. I suspect that both the race and class cards played into this. There’s a strong echo of that in Crowley’s statements reported widely:

“I know what I did was right,” Crowley said in an interview with Boston-based WEEI Sportsradio Network. “I don’t have anything to apologize for.”

There’s one other element of this, which is that the police are separated from communities by a foolish and unwinnable war on drugs. Our last three Presidents have smoked pot, the last two snorted coke. But as long as the police are charged with impossible duties, they will be separated from whatever community may exist.

Please keep the comments civil and respectful of Gates, the officer and one another.

Today’s Privacy Loss – English Soldiers’ Details Published

Demonstrating that no one’s data is safe, the names, pay records, and other personal information of 90,000 English soldiers was placed on the Internet. These soldiers, who served with king Henry V at Agincourt now have their information listed at www.medievalsoldier.org, exposing them to the chance of identity theft after nearly 500 years. They soldiers served from the years 1369-1453. There is no word as to whether they will get credit card protection yet.

For epistemological anarchism

So Dave Mortman and Alex Hutton have a talk submitted to Security BSides entitled “Challenging the Epistemological Anarchist to Escape our Dark Age.” Now, it would certainly be nice if we could all use the same words to mean the same things. It would make communication so much easier! It would let us build the semantic web.

Now, don’t get me wrong. I hate cutesy and confusing names for attacks as much as Alex and Dave. But let’s think about the solution for a minute. If we’re going to challenge anarchy, we do it from a position of authority. We ask some group of the great and the good
to authoritatively assign meanings to terms, and then we move on. To the next attempt to do the same thing.

Even with all these definitions, I still get the occasional sputtering prescriptivist trying to tell me that what my employer calls threat modeling should be called “sleeping furiously” or something. My response is now always the same. I ask “is this the most productive conversation we could be having?”

Now my other issue with challenging anarchy is that once you have some great and good, they shape the thoughts that we might have. [I'm running out of time, so imagine witty and relevant references to Orwell here, along with pointer to Politics and the English Language.]

So I have two reasons to not bother challenging the epistemological anarchist. First, it won’t work, and secondly, it wastes energy that we might otherwise use to shape the language in the directions we prefer.

July 20, 1969

The Apollo program took place at just about the right time for me. I was six (or, as I would quickly have pointed out at the time, six *and a half*) when the first lunar landing occurred, and barely ten when Apollo 17 splashed down. This was old enough to be fascinated by the technology and the sheer coolness (I would not have known the words “audacity” or “chutzpah”), and too young to question the wisdom of the project given the pressing alternative terrestrial uses for the funds. It’s funny that what my brain decided to remember, and what society made iconic or controversial do not really coincide. I distinctly remember the Apollo 8 launch, but nothing of the reading from the book of Genesis. I watched the Apollo 11 launch, but I don’t specifically recall Armstrong’s first steps. In all cases, I was glued to the TV for the launch and splashdown. Oddly, these more than the flight to (or activities on) the moon brought to mind the vast scale of the project. Launches always included references to tracking stations in Australia — a vast distance away for the 6-8 year-old mind. Splashdowns involved a whole aircraft carrier! This truly was big stuff.
Skylab and Apollo-Soyuz held my interest, but the shuttle never did. Viking, with actual color pictures of Mars, got things back on track, but it was clear that no human would set foot on Mars for some time. The sense of purpose just was not there the way it was for Apollo, and it hasn’t been since. It’s hard to know whether the undertone of loss I feel when thinking about Apollo is an effect of time — I am no longer the wide-eyed boy — or of a recognition of what might have been, but was not, due to the disintegration of the consensus that allowed Apollo to succeed.

Color on Chrome OS

New things resemble old things at first. Moreover, people interpret new things in terms of old things. Such it is with the new Google Chrome OS. Very little I’ve seen on it seems to understand it.

The main stream of commentary is comparisons to Windows and how this means that Google is in the OS business, and so on. This is also the stream that gets it the most wrong.

It’s just another Linux distribution, guys. It’s not like this is a new OS. It’s new packaging of existing software, with very little or even no new software. I have about ten smart friends who could do this in their sleep. Admittedly, a handful of those are actually working on the Chrome OS, so that somewhat weakens my comment. Nonetheless, you probably know someone who could do it, is doing it, or you’re one of the people who could do it.

Moreover, Chrome OS isn’t an OS in the way you think about it. Google isn’t going to provide any feature on Chrome OS that they aren’t going to provide on Windows, Mac OS, Ubuntu, Android, Windows Mobile, iPhone, Palm Pre, Blackberry, and so on.

Consider the differences between the business model of Microsoft and that of Google. Microsoft believes that it should be the only software company there is. Its actual historic mission statement says that its mission is to push its software everywhere. Its mission does not include “to the exclusion of everyone else,” it merely often acts that way. Google’s mission is to have you use its services that provide information.

To phrase this another way, Microsoft gets paid when you buy Windows or Office or an Xbox, etc. Their being paid does not require that you not run Mac OS, or Lotus, or PlayStation, but that helps. Google gets paid when you click on certain links. It doesn’t matter how you clicked on that link, all that matters is that you click. Google facilitates that clicking through its information business facilitated its software and services, but it’s those clicks that get them paid.

The key difference is this: Microsoft is helped by narrowing your choices, and Google is helped by broadening them. It doesn’t help Microsoft for you to do a mashup that includes their software as that means less Microsoft Everywhere, but it helps Google if you include a map in your mashup as there’s a chance a paid link will get clicked (no matter how small, the chance is zero if you don’t).

I don’t know whether it’s cause or effect but Microsoft really can’t stand to see someone else be successful. It’s a zero-ish sum company in product and outlook. Someone else’s success vaguely means that they’re doing something non-Microsoft. Google, in contrast, is helped by other people doing stuff, so long as they use Google’s services too.

If I shop for a new camera, for example, the odds are that Google will profit even if I buy it on eBay and pay for it with PayPal. Or if I buy it from B&H, Amazon, etc. So long as I am using Google to gather information, Google makes money.

Let me give another more pointed example. Suppose you want to get a new smartphone. Apple wins only if I get an iPhone. RIM wins when I get a BlackBerry. Palm wins if I get a Pre or a Treo. Nokia wins a little if I get any Symbian phone (most of which are Nokias, but a few aren’t). Microsoft wins if I get any Windows Mobile phone, of which there are many. But Google wins not only if I get an Android phone, but also if I get an iPhone (because the built-in Maps application uses Google), or if I install Google Maps on anything. One could even argue that it wins more if I get a non-Android phone and use their apps, because the margins are higher on the income.

This openness as a business model is why Microsoft created Bing. Partially it is because Microsoft can’t stand to see Google be successful, but also because Microsoft envies the way Google can win even when it loses, and who wouldn’t?

Interestingly, Bing is pretty good, too. One can complain, but one can always complain. Credible people give higher marks to Bing than Google, even. This puts Microsoft in the interesting position of being where Apple traditionally is with them. They’re going to learn that you can’t take customers from someone else just by being better.

But this is the whole reason for Chrome OS. Chrome OS isn’t going to make any money for Google. But it does let Google shoot at Microsoft where they live. When (not if, when) Chrome OS is an option on netbooks, it will cost Microsoft. Either directly, because someone picks Chrome OS over Windows, or indirectly because Microsoft is going to have to compete with free. The netbook manufacturers are going to be only too happy to use Chrome as a club against Microsoft to get better pricing on Windows. The winners on that are not going to be Google, it’s going to be the people who make and buy netbooks, especially the ones who get Windows. The existence of Chrome OS will save money for the people who buy Windows.

That’s gotta hurt, if you’re Microsoft.

This is the way to look at Chrome OS. It’s Google’s statement that if Microsoft treads into Google’s yard, Google will tread back, and will do so in a way that does not so much help Google, but hurts Microsoft. It is a counterattack against Microsoft’s core business model that is also a judo move; it uses the weight of Microsoft against it. As Microsoft moves to compete against Google’s services by making a cloud version of Office, Google moves to cut at the base. When (not if) there are customers who use Microsoft apps on Google’s OS, Microsoft is cut twice by the very forces that make Google win when you use a Google service on Windows.

(Also, if you’re Microsoft you could argue that Google has been stepping on their toes with Google Docs, GMail, etc.)

Someday someone’s going to give Ballmer an aneurysm, and it might be Chrome.