Security is About Outcomes, FISMA edition

Over at the US Government IT Dashboard blog, Vivek Kundra (Federal CIO), Robert Carey (Navy CIO) and Vance Hitch (DOJ CIO) write:

the evolving challenges we now face, Federal Information Security Management Act (FISMA) metrics need to be rationalized to focus on outcomes over compliance. Doing so will enable new and actionable insight into agencies’ information and network security postures, possible vulnerabilities and the ability to better protect our federal systems.
(“Moving Beyond Compliance: The Status Quo Is No Longer Acceptable”)

I’m tremendously excited to see this because back in April I wrote “Security is about outcomes, not about process.” I don’t know that I can claim credit for this, but it’s nice to see how far the meme has gone.

Gates Was Hardly An Exception

There was a lot of news when Henry Lewis Gates was arrested back in July, essentially for mouthing off to a cop. What happened was a shame, but what is more of a shame is that this sort of thing isn’t that rare. Time magazine had a recent article about this, Do You Have the Right to Flip Off a Cop? which you should read. One of my best friends from High School, Jeff Miller, linked to this article from his own blog and summed up the issue as only he can:

You can be rude to Taylor Swift, you can be rude to a tennis line judge, you can even be rude to the President … none of these things will get you arrested. But if you’re rude to a cop, get ready for some handcuffs.
This is a problem, no?

You said it Jeff!

Happy Banned Books Week!

Quoting Michael Zimmer:

[Yesterday was] the start of Banned Books Week 2009, the 28th annual celebration of the freedom to choose what we read, as well as the freedom to select from a full array of possibilities.

Hundreds of books are challenged in schools and libraries in the United States each year. Here’s a great map of challenges from 2007-2009, although I’m sure it under-represents the nature of the problem, as most challenges are never reported. (Note the West Bend library controversy is marked on the map.)

According to the American Library Association, there were 513 challenges reported to the Office of Intellectual Freedom in 2008.

I’m somewhat surprised by how many bluenose dots there are in the northeast. Does anyone know of a good tutorial that would help me to re-map the data against population?

A Little Temporary Safety

So I saw this ad on the back of the Economist. (Click for a larger PDF). In reading it, I noticed this exhortation to “support the STANDUP act of 2009:”

The STANDUP Act* (H.R. 1895) creates a National Graduated Driver Licensing (GDL) law that [limits nighttime driving, reduces in-car distractions, puts a cap on the number of friends in the car and increases the required hours of training and supervision.] When states have implemented comprehensive GDL programs, the number of fatal crashes among 16 year old drivers has fallen by almost 40%.”

Now I was curious as to how many lives that was, and so I went looking. I found a lot of interesting stuff. For example, “Beginning with Florida in 1996, graduated licensing systems also have been adopted in most U.S. states.” That’s from the “Insurance Institute for Highway Safety/Highway Loss Data Institute.” But they also tell us: “A national evaluation reported that states with 3-stage graduated systems had 11 percent fewer fatal crashes per population of 16 year-olds during 1994-2004 than states without such systems.” Last I checked, 11 is not almost 40.

It also turns out that the number of teens killed in New Jersey last year was 60. Now, I don’t want to minimize the pain for the families who lost their children, or those injured by teens driving like, well, teens. But based on Allstate’s high number, these laws about graduated driving privileges may save as many as 25 lives a year. Based on the IIHS assessment, it may be 6 or 7.

Now there’s an old saw “Where are you from? New Jersey. Oh, what exit?” The truth is that life in New Jersey is car-centric, and saving those lives involves restricting the behavior of about 110,000 teens. (Or so I estimate, based on New Jersey Quickfacts from the US Census, who say that there are 8.6MM people, and roughly 24% are under 18, and so I figure that roughly 1.3% of the population is 16.) Those teens are in the process of exploring who they are, and asserting their independence from their parents and geography. They’re in the process of growing up. Part of that growing up is taking risks, and I suspect that some of the risk taking is simply delayed, not removed.

The other thing I don’t get about Allstate’s ad is that the insurance industry says “most states” already have such laws. Setting a national law is hard, and Congress is busy investigating baseball players. So clearly, they have important tasks to be working on. What’s more, consider phrases like “A national evaluation reported that states with 3-stage graduated systems had 11 percent fewer fatal crashes … than states without such systems.” A stronger argument for continued experimentation by laboratories of democracy is hard to imagine.

But stepping back, the real issue I have here is the desire to drive one particular danger to zero without consideration of the costs or alternatives. These folks are dedicated to stopping deaths in cars (which is appropriate for the IIHS, less so for Allstate). But what fraction of teen deaths are in cars that a teen is driving? What are the costs of a little temporary safety for teens?

[updates: corrected quote, added link to text]
[update2: Don’t miss Kenneth Finnegan’s comment about having 5 teens all drive separately from point A to point B, with attendant environmental and parking impact.]

Happy Emancipation Proclamation Day!

That on the first day of January in the year of our Lord, one thousand eight hundred and sixty-three, all persons held as slaves within any state, or designated part of a state, the people whereof thenceforward, and forever free; and the executive government of the United States [including the military and naval authority thereof] will, during the continuance in office of the present incumbents, recognize [and maintain the freedom of] such persons, as being free, and will do no act or acts to repress such persons, or any of them, in any efforts they may make for their actual freedom.

Unsurprisingly, Wikipedia has a good article on the Emancipation Proclamation.

[Quick update: Bryan Carter has a great photo he mentioned in the comments.]

Private Thoughts on Race

So I’m sitting on the plane home from* Seattle, and I had a really interesting conversation on race with the woman next to me. We were talking, and she asked me, why is it so hard to have conversations like this. I thought that the answer we came to was interesting, and insofar as it has a lot to do with privacy, I thought I’d share.

We talked a bit about how conversations about race are often tricky in part because there are things that sensitive people worry about. We don’t want to offend the people we’re speaking with, especially if we have to work with them in the future.

On an airplane, however badly I might put my foot in my mouth, and we’ll have a really uncomfortable few hours, we’ll walk away, and probably never see each other again. So the anonymity of the conversation (properly, ano-sur-nymity, lack of a last name) made it possible to be more frank and open than if we were neighbors.

Alcoholics anonymous works on very similar ideas, and uses anonymity as a way to create a safe space.

*Yes, from. I wrote this a few years back and just noticed I hadn’t hit post.

Secret Photo Apps for the iPhone

If you try searching the App store for photo apps, you find all sorts of things to make your photos sepia. Or blurry. Or to draw on them. Which is great, but if you want apps to help you take photographs, they’re sorta hard to find. So here are some links:

First up, a reference guide for your camera. I didn’t bother with this–I have my manual in my main photo bag, and spend time exploring features, but it might be worthwhile: Rebel XS reference. (The vendor has lots more cameras available.)

Next, if you’re doing anything with landscape photography, you end up reading about hyperfocal distances, which is where you want to put your focal point to maximize the depth of field that’s in focus. There are a couple of these, including Simple DOF Calculator, FoCalc, and Photo Guide, which also includes an exposure calculator. I personally prefer the UI in DoFCalc.

If you have a studio, or typically have a computer handy when you’re taking pictures, this DSLR Remote looks very cool. You hook up your camera to your computer via USB, and your phone talks to the computer via wifi. Someone should hack up a USB/wifi bridge so you can use one of those socket size linux boxes to do this, and just clamp the thing and a battery to your tripod. Alternately, an iphone to camera cable would be great, if only Apple would let developers use the USB port. (Maybe they do. But a search on iphone sdk usb turned up people looking and not finding. Which also puts the lie to this piece at CATO. You’d have to be smoking something pretty strong to not be able to search for “apple appstore reject,” or to not realize that there’s plenty of apps you can’t get because of Apple’s prudishness.)

Finally, there’s a great idea in GreyCard, to provide a uniform color that you can photograph and use to set the white balance. Unfortunately, the iphone is backlit. I wonder what shade of grey the back is?

Are there other interesting ones?

Atoms, Photographed


The pictures, soon to be published in the journal Physical Review B, show the detailed images of a single carbon atom’s electron cloud, taken by Ukrainian researchers at the Kharkov Institute for Physics and Technology in Kharkov, Ukraine….To create these images, the researchers used a field-emission electron microscope, or FEEM. They placed a rigid chain of carbon atoms, just tens of atoms long, in a vacuum chamber and streamed 425 volts through the sample. The atom at the tip of the chain emitted electrons onto a surrounding phosphor screen, rendering an image of the electron cloud around the nucleus.

InsideScience, “First Detailed Photos of Atoms.”

BBC Video of Liquid Explosives

The BBC has some really scary video “Detonation of Liquid Explosives.” However, as I thought about it, I grow increasingly confused by what it purports to show, and the implications.

At the end of the day, I think there are two possibilities: It’s a fair representation, or it’s not. I’m leaning slightly towards the second.

If it’s a fair representation, then why are we still drinking on planes? What’s the point of allowing us to bring in smaller amounts of stuff if a 16 ounce bottle can be bought at the airport, washed out, and used to contain whatever that is?

The second choice is that it’s misleading. First, we don’t see what’s being mixed: we see an orange powder poured into a liquid, with a jug labeled water nearby. We see the expert tilting the bottle back and forth to mix it. Second, we don’t see how it’s detonated. Third, we don’t really see the placement of the bottle, or how many bottles are placed. There’s an implication that it’s one, but no statement. (In fact, there’s a lack of a statement of how much of a liquid bomb was used. The BBC website says “a liquid bomb.”) We don’t see if there were squibs or other games played.

The BBC ought to tell us more about what they showed.

Caster Semenya, Alan Turing and “ID Management” products

South African runner Caster Semenya won the women’s 800-meter, and the attention raised questions about her gender. Most of us tend to think of gender as pretty simple. You’re male or you’re female, and that’s all there is to it. The issue is black and white, if you’ll excuse the irony.

There are reports that:

Two Australian newspapers reported Friday that gender tests show the world champion athlete has no ovaries or uterus and internal testes that produce large amounts of testosterone. … Semenya is hardly alone. Estimates vary, but about 1 percent of people are born with abnormal sex organs, experts say. These people may have the physical characteristics of both genders or a chromosomal disorder or simply ambiguous features. (“When someone is raised female and the genes say XY,” AP)

For more on the medical end of this, see for example the “Consensus statement on management of intersex disorders” in the Journal of the American Academy of Pediatrics.

The athletics associations rules don’t cover all of these situations well. The real world is far messier and more complex than most people have cause to address. There are a great many apparently simple things that are really complicated as you dig in.

What the sports associations and news media are doing to Semenya is reprehensible. (There are over 10,000 stories listed on Google News, versus 13,000 for Derek Jeter, who just broke a Yankees record.) She didn’t come into running knowing that she had no ovaries. Having to deal with the identity issues that her testing brings up under the harsh light of the entire world (including me) is simply unfair.

It’s unfair in almost the same way as the British government’s treatment of Alan Turing, the mathematician who Time named one of the 100 most important people of the 20th century for his fundamental work on computers and cryptanalysis. Turing was also a convicted homosexual who committed suicide because of his “treatment” with estrogen, which caused him to become impotent and to develop breasts.

This week, Gordon Brown issued an apology entitled “Treatment of Alan Turing was ‘appalling’:”

While Turing was dealt with under the law of the time and we can’t put the clock back, his treatment was of course utterly unfair and I am pleased to have the chance to say how deeply sorry I and we all are for what happened to him. Alan and the many thousands of other gay men who were convicted as he was convicted under homophobic laws were treated terribly. Over the years millions more lived in fear of conviction.

I am proud that those days are gone and that in the last 12 years this government has done so much to make life fairer and more equal for our LGBT community. This recognition of Alan’s status as one of Britain’s most famous victims of homophobia is another step towards equality and long overdue.

Sports officialdom and state governments are different. Sports are voluntary associations, although athletes have little influence on the choices of international sports functionaries. Either way, watching the chaotic world crash onto the inflexible bureaucracies is tremendously frustrating to me.

As more and more of the world is processed by Turing Machines, assumptions that seem obvious to the programmer are exposed harshly at the edges. A friend with a Juris Doctorate recently applied for a job online. The form had a field “year you graduated from high school” that had to be filled out before she went on. Trouble is, she never did quite finish high school. She had the really relevant qualification-a J.D. from a good school. But she had an emotionally wrenching choice of lying on the form or not applying for the job. She eventually chose to lie, and sent a note to the HR people saying she’d done so and explaining why. I doubt the fellow who wrote that code ever heard about it.

I have a challenge to anyone involved in creating an online identity management system: How well does your system handle Semenya?

The typical answer is either that “that’s configurable, although we don’t know if anyone’s done exactly that” or “she’s an edge case, and we deal with the 95% case really well.” If you have a better answer, I’d really like to know about it. And as a product guy, those are likely the decisions I’d make to ship.
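To make the challenge concrete, here is an added example (not from the post, and not any product’s code) showing the two data-model choices the post contrasts. The “rigid” validator encodes the assumptions the J.D. friend ran into (everyone has a high school graduation year; sex is exactly M or F), so an honest applicant is rejected. The “tolerant” validator makes those fields explicitly optional, admits values beyond the binary, and keeps a notes field, so the applicant is never pushed into lying to get past the form. All names (`validate_rigid`, `validate_tolerant`, `Profile`, the sample applicant) are assumptions made up for the illustration.

```python
# Added illustration (not from the post): the same applicant run through a
# rigid identity schema and a tolerant one.
from dataclasses import dataclass, field
from typing import Optional


class ValidationError(ValueError):
    pass


# --- rigid schema: the programmer's assumptions baked into required fields --
RIGID_SEX_VALUES = {"M", "F"}


def validate_rigid(profile: dict) -> dict:
    """Reject anything that does not fit the assumed 95% case."""
    errors = []
    year = profile.get("hs_graduation_year")
    if not isinstance(year, int) or not 1900 <= year <= 2100:
        errors.append("hs_graduation_year: required, must be a year")
    if profile.get("sex") not in RIGID_SEX_VALUES:
        errors.append("sex: must be M or F")
    if errors:
        raise ValidationError("; ".join(errors))
    return profile


# --- tolerant schema: 'unknown' and 'not applicable' are first-class values --
SEX_VALUES = {"M", "F", "X", "unspecified"}  # X: intersex / other (hypothetical code)


@dataclass
class Credential:
    kind: str             # e.g. "J.D.", "high school diploma"
    institution: str
    year: Optional[int]   # None = not recorded


@dataclass
class Profile:
    name: str
    sex: str = "unspecified"
    credentials: list = field(default_factory=list)
    hs_graduation_year: Optional[int] = None  # None = not applicable / unknown
    notes: str = ""                           # room for what the form cannot encode


def validate_tolerant(raw: dict) -> Profile:
    """Validate only what can be validated; never require a field whose
    honest answer may be 'none of the above'."""
    sex = raw.get("sex", "unspecified")
    if sex not in SEX_VALUES:
        raise ValidationError(f"sex: must be one of {sorted(SEX_VALUES)}")
    year = raw.get("hs_graduation_year")
    if year is not None and (not isinstance(year, int) or not 1900 <= year <= 2100):
        raise ValidationError("hs_graduation_year: if given, must be a year")
    creds = [Credential(**c) for c in raw.get("credentials", [])]
    return Profile(name=raw["name"], sex=sex, credentials=creds,
                   hs_graduation_year=year, notes=raw.get("notes", ""))


def highest_credential(p: Profile) -> Optional[str]:
    """What the form should have asked: the applicant's most relevant qualification."""
    rank = {"high school diploma": 1, "B.A.": 2, "J.D.": 3}
    best = max(p.credentials, key=lambda c: rank.get(c.kind, 0), default=None)
    return best.kind if best else None


def rigid_rejects(raw: dict) -> bool:
    """True when the rigid schema would turn this applicant away."""
    try:
        validate_rigid(raw)
        return False
    except ValidationError:
        return True


# Constructed sample applicant: holds a J.D., never finished high school.
APPLICANT = {
    "name": "Applicant (constructed)",
    "sex": "F",
    "credentials": [{"kind": "J.D.", "institution": "Example Law School", "year": 2005}],
    "hs_graduation_year": None,
    "notes": "Left high school early; admitted to law school on other qualifications.",
}

if __name__ == "__main__":
    print("rigid form rejects the honest applicant:", rigid_rejects(APPLICANT))
    p = validate_tolerant(APPLICANT)
    print("tolerant form accepts; highest credential:", highest_credential(p))
```

The design point is that every required field is a claim about the whole population; making a field optional and recording "not applicable" separately from "blank" is what lets the system carry the edge case instead of forcing the user to fabricate a value.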

I’ll close by echoing Brown’s words: We’re sorry, you deserve so much better.

Rebuilding the internet?

Once upon a time, I was uunet!harvard!bwnmr4!adam. Oh, harvard was probably enough, it was a pretty well known host in the uucp network which carried our email before SMTP. I was also harvard!bwnmr4!postmaster which meant that at the end of an era, I moved the lab from copied hosts files to dns, when I became adam@bwnmr4.harvard…wow, there’s still a CNAME for that host. But I digress.

Really, I wanted to talk about a report, passed on by Steven Johnson and Gunnar Peterson, that Vint Cerf said that if he were re-designing the internet, he’d add more authentication.

And really, while I respect Vint a tremendous amount, I’m forced to wonder: Whatchyou talkin’ about Vint?

I hate going off based on a report on Twitter, but I don’t know what the heck a guy that smart could have meant. I mean, he knows that back in the day, people like me could and did give internet accounts to (1) anyone our boss said to and (2) anyone else who wanted them some of this internet stuff and wouldn’t get us in too much trouble. (Hi S! Hi C!) So when he says “more authentication” does that mean inserting “uunet!harvard!bwnmr4!adam” in an IP header? Ensuring your fingerd was patched after Mr. Morris played his little stunt?

But more to the point, authentication is a cost. Setting up and managing authentication information isn’t easy, and even if it were, it certainly isn’t free. Even more expensive than managing the authentication information would be figuring out how to do it. The packet interconnect paper (“A Protocol for Packet Network Intercommunication,” Vint Cerf and Robert Kahn) was published in 1974, and says “These associations need not involve the transmission of data prior to their formation and indeed two associates need not be able to determine that they are associates until they attempt to communicate.” That was before DES (1975), before Diffie-Hellman (1976), Needham-Schroeder (1978) or RSA. I can’t see how to maintain that principle with the technology available at the time.

When setting up a new technology, low cost of entry was a competitive advantage. Doing authentication well is tremendously expensive. I might go so far as to argue that we don’t know how fantastically expensive it is, because we so rarely do it well.

Not getting hung up in easy problems like prioritization or hard ones like authentication, but simply moving packets was what made the internet work. Allowing new associations to be formed, ad-hoc, made for cheap interconnections.

So I remain confused by what he could have meant.

[Update: Vint was kind enough to respond in the comments that he meant the internet of today.]

Make the Smart Choice: Ignore This Label


He said the criteria used by the Smart Choices™ Program™ were seriously flawed, allowing less healthy products, like sweet cereals and heavily salted packaged meals, to win its seal of approval. “It’s a blatant failure of this system and it makes it, I’m afraid, not credible,” Mr. Willett said.

Eileen T. Kennedy, president of the Smart Choices™ board and the dean of the Friedman School of Nutrition Science and Policy at Tufts University, said the program’s criteria were based on government dietary guidelines and widely accepted nutritional standards.

She said the program was also influenced by research into consumer behavior. That research showed that, while shoppers wanted more information, they did not want to hear negative messages or feel their choices were being dictated to them.
“The checkmark means the food item is a ‘better for you’ product, as opposed to having an x on it saying ‘Don’t eat this,’ ” Dr. Kennedy said. “Consumers are smart enough to deduce that if it doesn’t have the checkmark, by implication it’s not a ‘better for you’ product. They want to have a choice. They don’t want to be told ‘You must do this.’ ” (“For Your Health, Froot Loops™”)

Yes, every single one of these is a better choice than a petri dish full of salmonella. Guaranteed, or your money back.

I’ve added ™ marks where I think the New York Times™ should have included them.

Via JWZ.

Non Commercial

If you haven’t listened to Larry Lessig’s 23C3 talk, it’s worthwhile to listen to the argument he makes. As I was listening to it, I was struck by the term non-commercial, and, having given it some thought, think that we need a better word to describe the goals Creative Commons is pursuing.

The term non-commercial reminded me deeply of the invention of non-secret encryption by James Ellis, Clifford Cocks, and Malcolm Williamson at the British GCHQ. Despite having invented what the world now calls public key encryption, the idea languished under both classification and a failure to make the critical jump from ‘non-secret’ to ‘public.’ Even when something isn’t a secret, you might not want to shout it from the rooftops, unless you’re Whit Diffie. In which case you might think that it would be great to have a phone book full of keys. Whit probably wouldn’t have thought of that with ‘non-secret’ keys, but he certainly did think of a directory of public keys.

Defining your movement by what you are not isn’t the best way to rally people to the cause. No one claims to be on either the anti-life or anti-choice side of the abortion debate. Beyond that, I’m going to say that non-commercial as a descriptor may be essential in the legal licenses associated with the Creative Commons licenses. Non-commercial may even be almost the right word but, as Mark Twain pointed out, the difference between the almost right word and the right word is really a large matter–it’s the difference between the lightning bug and the lightning.

So in seeking the right word, it may help to think about what we mean by non-commercial. We mean almost every word we say to our families, children, or lovers. We mean pillow talk, explaining to kids why the sky is blue, and that I would prefer not to live as a vegetable. We mean our scientific papers, our poems and our fair use of the song Happy Birthday. We mean blogging (others may see their blogs as commercial), asking a stranger directions, talking to our elected representatives, water cooler chatter, graffiti, and even all the unneeded words we say to a cashier in a checkout line.

It’s honest speech. It’s human speech. Let’s not demean it by asserting that commercial speech is the norm.