It’s not TSA’s fault

October 18th’s bad news for the TSA includes a pilot declining the choice between aggressive frisking and a nudatron. He blogs about it in “Well, today was the day:”

On the other side I was stopped by another agent and informed that because I had “opted out” of AIT screening, I would have to go through secondary screening. I asked for clarification to be sure he was talking about frisking me, which he confirmed, and I declined. At this point he and another agent explained the TSA’s latest decree, saying I would not be permitted to pass without showing them my naked body, and how my refusal to do so had now given them cause to put their hands on me as I evidently posed a threat to air transportation security (this, of course, is my nutshell synopsis of the exchange). I asked whether they did in fact suspect I was concealing something after I had passed through the metal detector, or whether they believed that I had made any threats or given other indications of malicious designs to warrant treating me, a law-abiding fellow citizen, so rudely. None of that was relevant, I was told. They were just doing their job.

It’s true. TSA employees are just doing their job, which is to secure transportation systems. The trouble is, their job is impossible. We all know that it’s possible to smuggle things past the nudatrons and the frisking. Unfortunately, TSA’s job is defined narrowly as a secure transportation system, and every failure leads to them getting blamed. All their hard work is ignored. And so they impose measures that a great many American citizens find unacceptable. They’re going to keep doing this because their mission and jobs are defined wrong. It’s not the fault of TSA, it’s the fault of Congress, who defined that mission.

It’s bad enough that the chairman of British Airways has come out and said “Britain has to stop ‘kowtowing’ to US demands on airport checks.”

The fix has to come from the same place the problem comes from. We need a travel security system which is integrated as part of national transportation policy which encourages travel. As long as we have a Presidential appointee whose job is transportation security, we’ll have these problems.

Let’s stop complaining about TSA and start working for a proper fix.

So how do we get there? Normally, a change of this magnitude in Washington requires a crisis. Unfortunately, we don’t have a crisis crisis right now, we have more of a slow burning destruction of the privacy and dignity of the traveling public. We have massive contraction of the air travel industry. We have the public withdrawing from using regional air travel because of the bother. We may be able to use international pressure, we may be able to use the upcoming elections and a large number of lame-duck legislators who feared doing the right thing.

TSA is bleeding and bleeding us because of structural pressures. We should fix those if we want to restore dignity, privacy and liberty to our travel system.

Collective Smarts: Diversity Emerges

Researchers in the United States have found that putting individual geniuses together into a team doesn’t add up to one intelligent whole. Instead, they found, group intelligence is linked to social skills, taking turns, and the proportion of women in the group.
[…]
“We didn’t expect that the proportion of women would be a significant influence, but we found that it was,” Prof. Woolley, an organizational psychologist, said in an interview. “The effect was linear, meaning the more women, the better.”

The Globe and Mail, “If you want collective smarts…” In her interview with Quarks and Quirks, Woolley was careful to say that it wasn’t gender per se, but social awareness, but that such awareness correlates strongly with gender.

Another personal data invariant that varies

Just about anything a database might store about a person can change. People’s birthdays change (often because they’re incorrectly reported or recorded). People’s gender can change. One thing I thought didn’t change was blood type, but David Molnar pointed out to me that I’m wrong:

Donors for allogeneic stem-cell transplantation are selected based on their HLA type (tissue type), and not on their blood type. Therefore, it is quite common that the donor and patient have different blood types. The blood type is determined by the red cells. After transplant and bone-marrow recovery the red cells will come from the donor and have the donor’s blood type. As an example, if the patient is blood type A, and the donor is blood type O, the patient after transplant will become blood type O. The long-term outcome of an allogeneic stem-cell transplant is affected only to a small degree by the blood types of the donor and recipient. If an ABO difference exists, the transplant itself may create some technical difficulties, but these can be easily overcome. Red-cell recovery may be delayed after such transplants, and the patient may need support with red-cell transfusions for a prolonged period of time. More importantly, the patient should be aware that the blood type has changed or will change, and that old blood type cards are no longer valid. IBMT will provide you with a laminated card that indicates that your blood type may have changed. After your bone-marrow function has fully recovered, you may receive red cells of your new blood type. During the transplant process, usually red cells of blood type O are used, since these can be used for any patient (universal donor).
(“Indiana Blood and Marrow Transplantation“)

David continues:

The Seattle Cancer Care Alliance is the #1 by volume in the U.S and does several thousand per year. So that means several people per day are having their blood type changed right here in Seattle.

Does your database and e-health record support updating your blood type record?

Money is information coined

In the general case, you are not anonymous on the interweb, but economically-anonymous, which I propose to label “enonymous”, and that’s not the same thing at all. If you threaten to kill the President, you will be tracked down, and the state will spend the money it takes on it. But if you call Lily Allen a a hereditary celebrity and copyright hypocrite (not my own views, naturally) then it’s not worth the state’s money to track you down. If Lily wants to spend her own money on tracking you down and taking a civil action for libel, then fair enough, that’s the English way of limiting free speech. If the newspapers want to spend their own money on it, fine.

I think this is an interesting approach, bringing friction into the definition. It resonates as related to an information-centric definition of anonymity. If we say that money is information coined, then we bring in Hayek. Which is always good fun.

The explicit introduction of money as a way to measure (a subset of) privacy invasions allows us to think about the erosion of privacy by the addition of technology. We know that the internet makes it easier, and perhaps money is that yardstick. What does it take to track down your property taxes? It’s gone from sending someone to the county records office to having someone with a browser. So Alice’s privacy with respect to Bob is not only lower, it’s no longer related to the cost of travel. We’ve zero’d out a term in the cost equation, and that leads to all sorts of chaos.

Anyone engaged in the NSTIC discussion should read and ponder the line of reasoning that Dave extracts over a long and chaotic set of sources. His post advances the discussion around NSTIC, and raises questions that must be answered if that work is to lead anywhere.

The NSTIC proposal places no value on anonymity; indeed, it evinces an apparent lack of understanding of what anonymity really means. It takes for granted the need for authentication (if we pay in cash, why does a merchant, much less a common carrier or government agency, need to know about us other than that our money isn’t counterfeit?) and confuses a policy that purportedly restricts disclosure of our identity with actual non-knowledge of our identity.
[From Papers, Please! » Blog Archive » Public says “No” to national cyberspace ID proposal]

If we in Europe decide to develop our own kind of European Strategy on Trusted Identites in Cyberspace (ESTIC) then I think it should not only include both conditional and unconditional anonymity but should strive to make it clear that, like pseudonymity, these types of online persona will be the norm, not the exception.

AT&T, Voice Encryption and Trust

Yesterday, AT&T announced an Encrypted Mobile Voice. As CNet summarizes:

AT&T is using One Vault Voice to provide users with an application to control their security. The app integrates into a device’s address book and “standard operation” to give users the option to encrypt any call. AT&T said that when encryption is used, the call is protected from end to end.

AT&T Encrypted Mobile Voice is designed specifically for major companies, government agencies, and law enforcement organizations. An AT&T spokesperson said it is not available to consumers. The technology is available to users running BlackBerry devices or Windows Mobile smartphones, and it works in 190 countries.

Organizations interested in deploying Encrypted Mobile Voice will need to pay an additional fee to do so. AT&T said that cost depends on the size of the deployment. (“AT&T improves service security with encryption

Jake Appelbaum and Chris Soghoian expressed skepticism. (“From the company that brought you NSA wire tapping, they thought you’d also like….” and “If you trust AT&T’s new voice encryption service, you are a fool.“)

What’s funny (sad) about this is that there are a number of software encrypted voice systems available. They include RedPhone, CryptoPhone and zFone. Some of these even work on pocket sized computers with integrated radios. But Apple and AT&T won’t let you install alternate voice applications.

A lot of people claim that these restrictions on what you can do with your device just don’t matter very much. That you can really get everything you need. But here’s a clear example of why that isn’t so. Voice encryption is a special app that you have to get permission to run.

Now, maybe you don’t care. You’re “not doing anything wrong.” Well, Hoder wasn’t doing anything wrong when he went to Israel and blogged about it in Farsi. But he’s serving 20 years in jail in Iran.

Now is the time we should be building security in. Systems that prevent you from doing so, or systems that reset themselves to some manufacturer designated default are simply untrustworthy. We should demand better, more trustworthy products or build them ourselves.

[Added: I’d meant to include a comment about Adam Thierer’s comment “The more interesting question here is how “closed” is the iPhone really?” I think the answer is, in part, here. There’s a function, voice privacy, for which AT&T and three other companies think is marketable. And it doesn’t exist on the iPhone OS, which is the 2nd most prevalent phone platform out there.]

[Update 2: Robert and Rob rob me of some of my argument by pointing out that AT&T now allows you to install voice apps, but none of the encrypted voice apps that I’d consider trustworthy are available. (I exlude Skype and their proprietary & secret designs from trustworthy; it’s probably better than no crypto until you trust it, then it’s probably not good enough to really protect you.) Maybe this is a result of the arbitrary rejections by the Apple app store, but when I look for zfone, redphone or cryptophone, I see a fast dial app and some games. When I search for crypto, it’s all password managers. So while I’m no longer sure of the reason, the result remains. The iPhone is missing trustworthy voice crypto, despite the market.]

Free Hossein Derakhshan

Apparently, the Iranian Government has sentenced Hossein “Hoder” Derakhshan to 19.5 years in jail for “collaborating with enemy states, creating propaganda against the Islamic regime, insulting religious sanctity, and creating propaganda for anti-revolutionary groups.” If you think putting bloggers or journalists in jail is wrong, please, please take a moment to sign the petition to free him.

I’m shocked and appalled. I’d met Hoder once, when I was working with the Committee to Protect Bloggers on ways to help bloggers in repressive regimes protect their privacy and freedom of speech. He was a nice fellow, and helped me understand some little bit of the complexity of the Iranian blogosphere.

Regardless of our having met and him being a nice guy, the sentence can not be described except as insane and unjust.

No one should be in jail because of peaceful efforts to improve understanding between societies.

For more, please see the Free Hoder blog has an interview with Hoder’s mom, and there’s another blog Free the Blogfather, which is in French.

Please take a moment to sign the petition to free him, and ask your friends to do the same.