Copyrighted Science

In “Shaking Down Science,” Matt Blaze takes issue with academic copyright policies. This is something I’ve been meaning to write about since Elsevier, a “reputable scientific publisher,” was caught publishing a full line of fake journals.

Matt concludes:

So from now on, I’m adopting my own copyright policies. In a perfect world, I’d simply refuse to publish in IEEE or ACM venues, but that stance is complicated by my obligations to my student co-authors, who need a wide range of publishing options if they are to succeed in their budding careers. So instead, I will no longer serve as a program chair, program committee member, editorial board member, referee or reviewer for any conference or journal that does not make its papers freely available on the web or at least allow authors to do so themselves.

Please join me. If enough scholars refuse their services as volunteer organizers and reviewers, the quality and prestige of these closed publications will diminish and with it their coercive copyright power over the authors of new and innovative research. Or, better yet, they will adapt and once again promote, rather than inhibit, progress.

I already consider copyright as a factor when selecting a venue for my (sparse) academic work. However, there are always other factors involved in that choice, and I don’t expect them to go away. Like Matt, my world is not perfect, and in particular, I’m on the steering committee of the Privacy Enhancing Technologies Symposium, and we publish with Springer-Verlag. I regularly raise the copyright question with the board, which has decided to stay with Springer for now [and Springer does allow authors to post final papers].

There’s obviously a need for a business model for the folks who archive and make available the work, but when many webmail providers give away nearly infinite storage and support it with ads, $30 per 200K PDF is way too high for work that was most likely done on a government grant to improve public knowledge.

I’m not sure what the right balance will be for me, but I’d like to raise one issue which I don’t usually see raised. That is, what to do about citing to these journals? I sometimes do security research on my own, or with friends outside the academic establishment. As a non-academic, I don’t have easy access to ACM or IEEE papers. Sometimes, I’ll pick up copies at work, but that’s perhaps not an appropriate use of corporate resources. Other times, I’ll ask the authors or friends for copies. We need to understand what’s been done to avoid re-inventing the wheel.

If our goal is to ensure that scientific work paid for by the public is not handed over to someone who puts it behind a paywall, perhaps the next step is to apply pressure by only reviewing open access journals and conferences? When I first thought about that, I recoiled from the idea. But the process of looking for previous and related work is a process which must be bounded. There are simply too many published papers out there for anyone to really be aware of all of them, and so everyone limits what they search. In fact, there are already computer security journals, including Phrack and Uninformed, which are high quality work but rarely cited by academics.

So I’m interested. Does being behind a paywall suffice as a reason to not cite work? If you answer, “no, it’s not sufficient,” how much time or money do you think you or I should reasonably spend investigating possibly related work?

Unmeddle Housing More

Last month, I wrote:

But after 50 years of meddling in the market, reducing the support for housing is going to be exceptionally complex and chaotic. And the chaos isn’t going to be evenly distributed. It’s going to be a matter of long, complex laws whose outcomes are carefully and secretly influenced. Groups who aren’t photogenic or sympathetic will lose out. (I’m thinking “DINKs” in gentrified urban areas.) Groups who aren’t already well-organized with good lobbyists will lose out. (See previous parenthetical.) Those who believed that the government housing subsidy would go on forever will lose. (“Unmeddling Housing,” January )

Now, the New York Times reports on the administration’s plan, calling it “audacious:”

The Obama administration’s much-anticipated report on redesigning the government’s role in housing finance, published Friday, is not solely a proposal to dissolve the unpopular finance companies Fannie Mae and Freddie Mac. It is also a more audacious call for the federal government to cut back its broadly popular, long-running campaign to help Americans own homes. The three ideas that the report outlines for replacing Fannie and Freddie all would raise the cost of mortgage loans and push homeownership beyond the reach of some families. (“Administration Calls for Cutting Aid to Home Buyers,” New York Times)

Audacious would be to put the mortgage interest deductions on the table. This is a move in the right direction, but it’s not going to let people express their real preferences in a market. It will continue to distort the market, reducing people’s flexibility to move, and encouraging them to make their major asset a non-liquid one which is likely to decrease in value as the US population ages.

Unmeddling Housing

For a great many years, US taxpayers have been able to deduct interest paid on a home mortgage from their taxes. That made owning property cost roughly 20% less than it otherwise would have (estimating a 25% tax rate on interest on 80% of a property). So everyone could afford 20% “more” house, which meant that property values inflated until things were in balance again.

It was a good deal for those who were in at the start. But we should also ask, who lost out? First, anyone renting who couldn’t take the deduction. Second, anyone who assumed that this state of affairs would go on forever. Because this week, the chair of the FDIC called for a re-examination of that policy.

Now, this week, Goldman Sachs predicted a 20% drop in Seattle home prices over the next two years, so as a renter, I get to feel a little schadenfreude. But more important, I think, is the chaos of unwinding 50 years of distortion in the housing market.

A great many people have taken the rise in home prices as a bankable truism. Conflating the rise in prices has been a massive increase in the size of houses and lots, underwritten by cheap oil and large highways, but I’m going to mostly set that aside, and focus on the impact of social policy.

Homeownership has a number of downsides. It locks up a tremendous amount of capital in an illiquid investment. It conflates investment and emotional concepts of home. It makes it hard to move when you need a new job.

Now, a government policy to encourage homeownership (uber alles) encourages homeownership. The trouble is, it does so in an unnatural way, and in a way which now appears unsustainable to our bank regulators. That it’s unnatural and unsustainable was always obvious. It’s inherent in the fact that it’s being encouraged. At the margin, there are either people who buy because it’s encouraged, or the policy is an utter failure. So there are people who, without such a policy, would not be homeowners. And homes cost more than they otherwise would.

But after 50 years of meddling in the market, reducing the support for housing is going to be exceptionally complex and chaotic. And the chaos isn’t going to be evenly distributed. It’s going to be a matter of long, complex laws whose outcomes are carefully and secretly influenced. Groups who aren’t photogenic or sympathetic will lose out. (I’m thinking “DINKs” in gentrified urban areas.) Groups who aren’t already well-organized with good lobbyists will lose out. (See previous parenthetical.) Those who believed that the government housing subsidy would go on forever will lose.

Most of all, those of us who lived within our means are going to lose out as the taxpayer “helps cushion” the “unpredictable” changes.

The worst part is, government never needed to get involved.

[This was written in June, I forgot to hit post, so the dates are a little off.]

Israeli Draft, Facebook and Privacy

A senior officer said they had found examples of young women who had declared themselves exempt posting photographs of themselves on Facebook in immodest clothing, or eating in non-kosher restaurants.

Others were caught by responding to party invitations on Friday nights – the Jewish Sabbath. (“Israeli army uses Facebook to expose draft dodgers,” Wyre Davies, BBC)

What’s interesting to me about this story is that it illustrates how part of the cost of using Facebook is the occluded future. If you’d asked me if Facebook impacted on military draft, I’d have said no. Predictions are hard, especially about the future. And the young women in question probably didn’t think that their use of a social networking site would cause them to be drafted.

A second interesting aspect to this is that it indicates that one’s Facebook profile, in aggregate, is a religious identifier. That’s interesting because religious information is categorized specially under the Canadian privacy act (PIPED) and possibly also under European data protection laws. I haven’t seen this aspect covered in the analyses that I’ve read from those regulators. (Admittedly, I have not read all of those analyses.)

It’s not TSA’s fault

October 18th’s bad news for the TSA includes a pilot declining the choice between aggressive frisking and a nudatron. He blogs about it in “Well, today was the day:”

On the other side I was stopped by another agent and informed that because I had “opted out” of AIT screening, I would have to go through secondary screening. I asked for clarification to be sure he was talking about frisking me, which he confirmed, and I declined. At this point he and another agent explained the TSA’s latest decree, saying I would not be permitted to pass without showing them my naked body, and how my refusal to do so had now given them cause to put their hands on me as I evidently posed a threat to air transportation security (this, of course, is my nutshell synopsis of the exchange). I asked whether they did in fact suspect I was concealing something after I had passed through the metal detector, or whether they believed that I had made any threats or given other indications of malicious designs to warrant treating me, a law-abiding fellow citizen, so rudely. None of that was relevant, I was told. They were just doing their job.

It’s true. TSA employees are just doing their job, which is to secure transportation systems. The trouble is, their job is impossible. We all know that it’s possible to smuggle things past the nudatrons and the frisking. Unfortunately, TSA’s job is defined narrowly as a secure transportation system, and every failure leads to them getting blamed. All their hard work is ignored. And so they impose measures that a great many American citizens find unacceptable. They’re going to keep doing this because their mission and jobs are defined wrong. It’s not the fault of TSA, it’s the fault of Congress, who defined that mission.

It’s bad enough that the chairman of British Airways has come out and said “Britain has to stop ‘kowtowing’ to US demands on airport checks.”

The fix has to come from the same place the problem comes from. We need a travel security system which is integrated as part of national transportation policy which encourages travel. As long as we have a Presidential appointee whose job is transportation security, we’ll have these problems.

Let’s stop complaining about TSA and start working for a proper fix.

So how do we get there? Normally, a change of this magnitude in Washington requires a crisis. Unfortunately, we don’t have a crisis crisis right now, we have more of a slow burning destruction of the privacy and dignity of the traveling public. We have massive contraction of the air travel industry. We have the public withdrawing from using regional air travel because of the bother. We may be able to use international pressure, we may be able to use the upcoming elections and a large number of lame-duck legislators who feared doing the right thing.

TSA is bleeding and bleeding us because of structural pressures. We should fix those if we want to restore dignity, privacy and liberty to our travel system.

Money is information coined

In the general case, you are not anonymous on the interweb, but economically-anonymous, which I propose to label “enonymous”, and that’s not the same thing at all. If you threaten to kill the President, you will be tracked down, and the state will spend the money it takes on it. But if you call Lily Allen a hereditary celebrity and copyright hypocrite (not my own views, naturally) then it’s not worth the state’s money to track you down. If Lily wants to spend her own money on tracking you down and taking a civil action for libel, then fair enough, that’s the English way of limiting free speech. If the newspapers want to spend their own money on it, fine.

I think this is an interesting approach, bringing friction into the definition. It resonates as related to an information-centric definition of anonymity. If we say that money is information coined, then we bring in Hayek. Which is always good fun.

The explicit introduction of money as a way to measure (a subset of) privacy invasions allows us to think about the erosion of privacy by the addition of technology. We know that the internet makes it easier, and perhaps money is that yardstick. What does it take to track down your property taxes? It’s gone from sending someone to the county records office to having someone with a browser. So Alice’s privacy with respect to Bob is not only lower, it’s no longer related to the cost of travel. We’ve zero’d out a term in the cost equation, and that leads to all sorts of chaos.

Anyone engaged in the NSTIC discussion should read and ponder the line of reasoning that Dave extracts over a long and chaotic set of sources. His post advances the discussion around NSTIC, and raises questions that must be answered if that work is to lead anywhere.

The NSTIC proposal places no value on anonymity; indeed, it evinces an apparent lack of understanding of what anonymity really means. It takes for granted the need for authentication (if we pay in cash, why does a merchant, much less a common carrier or government agency, need to know about us other than that our money isn’t counterfeit?) and confuses a policy that purportedly restricts disclosure of our identity with actual non-knowledge of our identity.
[From Papers, Please!, “Public says ‘No’ to national cyberspace ID proposal”]

If we in Europe decide to develop our own kind of European Strategy on Trusted Identities in Cyberspace (ESTIC) then I think it should not only include both conditional and unconditional anonymity but should strive to make it clear that, like pseudonymity, these types of online persona will be the norm, not the exception.

Databases or Arrests?

From Dan Froomkin, “FBI Lab’s Forensic Testing Backlog Traced To Controversial DNA Database,” we see this example of the mis-direction of key funds:

The pressure to feed results into a controversial, expansive DNA database has bogged down the FBI’s DNA lab so badly that there is now a two-year-and-growing backlog for forensic DNA testing needed to solve violent crimes and missing persons cases.

Civil libertarians call the database — which increasingly includes everyone convicted of every federal law, legally innocent people awaiting trial and non-citizens detained in the U.S. for any reason — unnecessary and unconstitutional.

And yet a review by the Department of Justice’s Inspector General released on Monday concludes that the need to analyze and upload some 96,973 or more DNA samples a year into that database is contributing to a backlog of forensic DNA cases that stood at 3,211 in March.

That translates into a delay of about 150 days to over 600 days for law enforcement agencies who need answers right away.

We need to defund the database and use that money for something more useful, like getting that 150 days down to 5 or 10 for active criminal cases.

Via Michael Froomkin, “FBI Prefers Building DNA Database to Solving Crimes.”

Mobile Money for Haiti: a contest

This is cool:

The Bill & Melinda Gates Foundation is using its financial clout to push the Haitian marketplace toward change by offering $10 million in prizes to the first companies to help Haitians send and receive money with their cell phones…

The fund will offer cash awards to companies that initiate mobile financial services in Haiti. The first company to launch a mobile money service that meets certain criteria in the next six months will receive $2.5 million. The second operator to launch and reach these benchmarks within 12 months will receive $1.5 million. Another $6 million will be awarded as the first 5 million transactions take place, divided accordingly between those operators that contributed to the total number of transactions.

For more details, see the press release.

It’s Hard to Nudge

There’s a notion that government can ‘nudge’ people to do the right thing. Big examples include letting people opt-out of organ donorship, rather than opting in (rates of organ donorship go from 10-20% to 80-90%, which is pretty clearly a better thing than putting those organs in the ground or crematoria). Another classic example was participation in 401k retirement accounts, but somehow after the market meltdown, that’s getting less press.

A smaller example is how, when people were told they’re using more power than others, their power consumption declined. Awesomeness, right? Conservation is the easiest, freest power you can get. Remember that a 150 watt lightbulb consumes twice as much power as your laptop. And most of that goes to waste heat, but I digress. Let’s go back to that nudge study, described in this Slate article:

In a study evaluating the program’s effectiveness, Opower researchers compared power use before and after the HERs began arriving, and further compared this change with a group of control households that never received the reports. On average, the HER households reduced their consumption in the months that followed by a little less than 2 percent. Not bad, but probably not enough to save the planet.

and also:

One problem with this approach is that we all define “better” differently, as a new study emphasizes. UCLA economists Dora Costa and Matthew Kahn analyzed the impact of an energy-conservation program in California that informed households about how their energy use compared with that of their neighbors. While the program succeeded in encouraging Democrats and environmentalists to lower their consumption, Republicans had the opposite reaction. When told of their relative thrift, they started cranking up the thermostat and leaving the lights on more often. … One explanation is that many conservatives don’t believe that burning energy harms the planet, so when they learn that they’re better than average, they become less vigilant about turning the lights off. That is, they’re simply moving closer to what they now know is the norm.

People are complex. It’s hard to know what matters to people, and it’s hard to know what additional information will do to a market. As Hayek pointed out, this is why central planning fails. The planners can’t know all.

And when we start nudging people, lots more chaos will emerge. Planners don’t become better by giving people opt-outs from their planning. And while nudging is better than authoritarianism, it’s still worse than a government which does only what it needs to do.

In the case of energy consumption, a market is emerging to help people see what drives their energy consumption and environmental impact. Better to let a thousand startups bloom, and let the creativity of engineers and those who care deeply help people drive down their electricity use. Everyone else will pay for their long-burning lights, and if electricity is fairly priced, then that’s their choice.

The paper is at “Energy Conservation “Nudges” and Environmentalist Ideology: Evidence from a Randomized Residential Electricity Field Experiment,” National Bureau of Economic Research.

Women In Security

Today is Ada Lovelace Day, an international day of blogging to celebrate the achievements of women in technology and science.

For Lady Ada Day, I wanted to call out the inspiring work of Aleecia McDonald. In a privacy world full of platonic talk of the value of notice and consent, Aleecia did something very simple: she figured out how long it would take for consumers to do what the Direct Marketing Association recommends: read privacy policies.

She then multiplied that by an estimate of how much it would cost, and demonstrated pretty conclusively what we all intuitively knew: the current scheme is a massive wealth transfer because of transaction costs. (I’m interpreting her results here; I believe she would be more conservative in the interpretation.)

Her work also prefigures Cormac Herley’s recent work “So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users.”

So Aleecia McDonald is my choice for a woman in science and technology who’s inspiring me to think about the economics of security and privacy in new ways.

PS: I have another choice over at The New School blog. Hey, two blogs, two choices.

Some Chaotic Thoughts on Healthcare

Passage of this bill is too big for my little brain, and therefore I’ll share some small comments. I’m going to leave out the many anecdotes which orient me around stupid red tape conflicts in the US, how much better my health care was in Canada (and how some Canadian friends flew to the US for optional procedures), etc.

I am glad that some of the worst elements of the American health care system are getting reined in. I can think of few worse ways to accomplish that goal, and many better ones. People thinking as I do are why the system perpetuated in the form that it did.

I am pessimistic that the system proposed will achieve its broader goals. The Massachusetts model is cumbersome and ineffective. Optimistic ideas about how prices would fall in a regulated market did not come to pass. The likely next step is a government run health system with supplemental insurance available. I expect this will come to pass in 10-20 years. Medicare seems reasonably well run for an American government program.

The Republican failure to push a coherent and principled alternative will haunt them. Going into the next election cycles, 32 million people will have some idea that the Democrats gave them bread and circuses health care. David Frum describes it as a Waterloo. I’m hopeful but not optimistic that the Tea Bagger Party will follow in the tradition of the Know Nothings and just fade away. I used to be hopeful that the Libertarians would split from the Republicans, but they’ve failed to. I would not be surprised to see the Republican minority shrink in 2010 and 2012, and I think some (but not all) of the shrillness I hear is people who fear that outcome is now inevitable.

I do expect that removing the health care impediment to entrepreneurship will be very positive for smaller companies. I wish we’d apply that same thinking to health care, enable people to make choices for themselves, and let the government own the residual risks, as it does today. But no one offered a credible way to un-couple employment and insurance that would let people keep their doctors, short of nationalization.

Anyway, there’s my negative 8 cents on the bill.

Please keep comments civil.

“We can’t circumvent our way around internet censorship.”

That’s the key message of Ethan Zuckerman’s post “Internet Freedom: Beyond Circumvention.” I’ll repeat it: “We can’t circumvent our way around internet censorship.”

It’s a long, complex post, and very much worth reading. It starts from the economics of running an ISP that can provide circumvention to all of China, goes to the side effects of such a thing (like spammers using it), and then continues to ask why we want circumvention anyway.

Take some time and go read “Internet Freedom: Beyond Circumvention.”

Ignorance of the 4 new laws a day is no excuse

The lead of this story caught my eye:

(CNN) — Legislatures in all 50 states, the District of Columbia, Guam, the Virgin Islands and Puerto Rico met in 2009, leading to the enactment of 40,697 laws, many of which take effect January 1.

That’s an average of 753 laws passed in each of those jurisdictions. At 200 working days in a year, which is normal for you and me, that’s nearly 4 laws per day.

Now, there’s a longstanding principle of law, which is that ignorance of the law is no excuse. That goes back to the day when laws, like the code of Hammurabi, were inscribed at a rate of about 4 letters per day. The laws were posted in the city center where both of the literate people could read them.

Joking aside, at what point does knowledge of the law become an unreasonable demand on the citizenry? Civil rights lawyer Harvey Silverglate has a new book, “Three Felonies a Day: How the Feds Target the Innocent.” I haven’t read it, but as I understand, it’s largely about the proliferation of vague laws, not the sheer numbers.

A few years back, Aleecia McDonald and Lorrie Cranor calculated the cost of reading and understanding the privacy policies of the sites you visit. It was $365 billion. It might be interesting to apply the same approach to the work of legislatures.

768-bit RSA key factored

The paper is here.

The very sane opening paragraph is:

On December 12, 2009, we factored the 768-bit, 232-digit number RSA-768 by the number field sieve (NFS, [19]). The number RSA-768 was taken from the now obsolete RSA Challenge list [37] as a representative 768-bit RSA modulus (cf. [36]). This result is a record for factoring general integers. Factoring a 1024-bit RSA modulus would be about a thousand times harder, and a 768-bit RSA modulus is several thousands times harder to factor than a 512-bit one. Because the first factorization of a 512-bit RSA modulus was reported only a decade ago (cf. [7]) it is not unreasonable to expect that 1024-bit RSA moduli can be factored well within the next decade by an academic effort such as ours or the one in [7]. Thus, it would be prudent to phase out usage of 1024-bit RSA within the next three to four years.

It’s an interesting read if factoring fascinates you.

Some thoughts on the Olympics, Chicago and Obama

So the 2016 Olympics will be in Rio de Janeiro. Some people think this was a loss for Obama, but Obama was in a no-win situation. His ability to devote time to trying to influence the Olympics is strongly curtailed by other, more appropriate priorities. If he hadn’t gone to Copenhagen, he would have been blamed for not caring. If he went, he’s blamed anyway. In reality, he does have some control over what happened. He could have fixed the “harrowing experience” we show the world under the ironic words “Welcome to the United States:”

In the official question-and-answer session following the Chicago presentation, Syed Shahid Ali, an I.O.C. member from Pakistan, asked the toughest question. He wondered how smooth it would be for foreigners to enter the United States for the Games because doing so can sometimes, he said, be “a rather harrowing experience.” (New York Times, “Rio Wins”)

Ironically, the President has experienced harrowing nonsense at borders, see “US Senators Detained In Russia.” He should put someone on fixing the Customs and Immigration service before it costs us even more.

However, it’s really unclear if the “loss” is a loss. “No Games Chicago” was a citizens group advocating against destroying Chicago’s parks and budget for the Olympics, and according to CNN, 45% of the city’s residents didn’t want the games. And as the AP documents in “Olympics Aren’t Necessarily an Economic Bonanza,” the outlandish “economic benefit” numbers that Olympic advocates usually throw around are based on a “multiplier effect” of around 3. Me, I know what an Olympics event costs–Montreal taxpayers paid off the ’76 Olympics in 2006.

So congratulations, Rio. I hope you don’t bulldoze the less wealthy neighborhoods, and I hope you’re all paid off by 2030 or so.