Nick Szabo Blogging

Nick is a premier thinker about history, law and economics, and the lessons they have for security. Take this brief sample from “Origins of the joint-stock corporation:”

The modern joint-stock corporation has many sources in medieval Europe. First among these was corporate law itself. Although the era is commonly referred to as “feudalism,” for the hierarchy of individually owned “fiefs” of land and control of serfs as fixtures of that land, large amounts of wealth in Europe were actually controlled by corporate entities. Chief among these were church lands, the corporate entities being dioceses, religious orders and the Roman Church itself. These entities controlled a substantial fraction of the land in Western Europe. Furthermore cities (with varying degrees of political independence), merchant guilds, craft guilds, and many charitable entities (such as hospitals) were legal “corporations,” i.e. artificial and perpetual legal persons under law. Some basic issues in corporate law (for example, when are officers individually liable for acts of the corporation, and when the corporation is liable for acts of its agents) had already been solved in canon law and urban law long before the joint-stock corporation.

Wilcox Memorial Hospital (Kauai), 120,000 SSNs+ Medical Records, misplaced computer disk

Last month, Wilcox Memorial Hospital in Kauai had to inform 120,000 past and present patients that their private information had been misplaced. Their names, addresses, Social Security numbers, even medical record numbers had been placed on one of those tiny USB flash drives — and now, according to a letter sent home, the drive was missing.

(From “Help! I left my identity in the backseat of a taxi,” by Bob Sullivan. Bob has done a fantastic job of covering these stories since he broke the Choicepoint story on Feb 14th (“Database giant gives access to fake firms”), and caused me to have both a breaches and a Choicepoint category. But I’d missed that he’d set up a blog, at The Red Tape Chronicles.)

Thanks to Bryan Fordham for the pointers.

Introducing Arthur

I’d like to introduce Arthur, our newest guest. I was going to say Arthur is not his real name, but that would be a lie. It is his real name for purposes of this blog. It might, however, not be what his wife calls him. (“Sweetie.”)

Arthur is, however, the chief information security officer for a billion dollar company. (That relates slightly to his use of a nickname.) We’d like to be clear that what he says here are not the opinions of his employer.

The Importance of Attitude

Tom Peters has a blog, and in “The Days of Our Lives,” writes about the importance of being present for your customers, not for yourself. I really like his blog. It has a good mix of hubris and humility:

This may be day 45 and mile 76,000 for me, but for the Client it is D-Day for an Important Event (often their year’s #1 event, for God’s sake); hence my exhaustion and accompanying short temper must be thrust aside … and downright cheeriness and spirited engagement must become the invariant orders of the day. Besides, such cheeriness, even if feigned, cheers me up first and foremost!

(Via Paul Kedrosky’s Infectious Greed.)

Flogging The Simian Is Back

In “A Life, Observed,” I mentioned that I’d been enjoying “Flogging The Simian,” and that she’d left due to privacy issues. Well, she’s back, and so are her “PDBs,” her summaries of what’s interesting: “I read approximately 50 newspapers every morning and report what I find there, with an emphasis on foreign or international events.” I usually find stuff I’d otherwise miss.

Interesting Tidbits (Adam)

  • John Gruber has an interesting article on the economics of being a one-man software shop, “The Life.” He uses the case of Brent Simmons and NetNewsWire to shed light on why the life of a small software development shop is so hard.
  • Jeff Veen of Adaptive Path has announced “MeasureMap,” a new blog-focused log analysis program. I currently use AWStats, and it’s not great for blogs. It doesn’t help me see where links come from and go, it doesn’t give me good indications of spikes or trends or context. So I look forward to seeing MeasureMap.
  • Bruce Schneier pointed to a lovely story about a French fraudster with panache:

    During the final call he asked for the names of her six richest customers. When she revealed them, he said that one was involved in financing terrorism and was about to withdraw a large sum.

    Gilbert then demanded all the cash at the bank so he could mark the notes with microchips and keep track of the terrorist. A total of €358,000 was to be put in a briefcase and slipped under the door of a brasserie lavatory. The manager did as she was told. The money disappeared.

  • Tom Ptacek explains how Sarbox interacts with security vulnerability announcements in “Today’s Contribution To ‘Vulnerability Science.’”

  • Ian Grigg points out that Ben Laurie is blogging at Links.org. Ben is taking issue with Kim Cameron’s “Laws of Identity.” It should be interesting to watch.

Small Bits: Alex Haislip, Chinese Censorship, TSA Xrays

  • Alex Haislip is blogging up a storm at VC Action. I love journalist bloggers; there’s so much interesting backstory that they talk about. And working at Red Herring, Alex has more dirt than he could dish and stay in business. ;)

  • Curt Hopkins points to a fascinating story about the folks who run the great firewall of China, translated from Chinese. I was going to comment on it, but Rebecca MacKinnon comes along and says not only what I was thinking, but a whole lot more, and more insightfully:

    But as with many Chinese news stories, the conclusion is less interesting than the debate raging within the body of the article. And what the article reveals is that there is a lot of pushing back and forth amongst the various players when it comes to the future of Chinese cyberspace. Internet entrepreneurs like the CEO of Bokee.com Fang Xingdong come out against proposals that Chinese internet users must register their real identities at all times. The internet portal sites conducted surveys showing that their customers (not surprisingly) favor online anonymity…

  • Bruce Schneier points to new research that may obviate any justification for the TSA to look through your clothes:

    Here’s a piece of interesting research out of Ohio State: it’s a passive sensor that could be cheaper, better, and less intrusive than technologies like backscatter X-rays:

    “Unlike X-ray machines or radar instruments, the sensor doesn’t have to generate a signal to detect objects – it spots them based on how brightly they reflect the natural radiation that is all around us every day.”

    “It’s basically just a really bad tunnel diode,” he explained. “I thought, heck, we can make a bad diode! We made lots of them back when we were figuring out how to make good ones.”