Bluetooth vs Infrared

John Early has an interesting editorial over at Computer Weekly, “Infrared meets speed and security needs”:

Famously associated with applications such as personal digital assistant to laptop synchronisation, PDA business card exchange and short-haul mobile phone data transfer; IRDA, with its short range and relatively low 4mbps throughput, was understandably discounted by the IT community as irrelevant for WLan application.

Infrared has squared up to recent competition from Bluetooth, an alternative radio frequency communications standard designed to support similar connectivity to IRDA. Simple set-up and good reliability initially secured IRDA’s popularity over Bluetooth. More recently, questions about Bluetooth’s inherent insecurity have reinforced IRDA’s popularity.

He doesn’t mention that it’s easy to make IR connections directional (actually, it’s hard to make them omnidirectional), which is very useful for some applications.

The right architecture makes security much easier. The use of RFID in passports will always be a problem in search of a solution, adding to the cost and risks for a use case that’s unclear. Using IR to link local devices is a win because it aligns the security properties that people expect (that walls block things) with the reality.

(Via InfoSec News.)

Choicepoint Roundup

  • Household Watch has a story:

    When Ms. Marshall got a $6,000 home-improvement loan from a credit union in April 2003, she had to pay relatively high interest because of a weak credit score. The credit check had showed a court ruling ordering her to pay overdue rent to a former landlord in a Washington, D.C., suburb. But the judgment had been caused by a court error and vacated by a judge – facts that didn’t make it into her credit history. It turned out that a ChoicePoint contractor at a courthouse hadn’t properly updated the file, and that Equifax, the credit bureau, purchased the erroneous entry from ChoicePoint.

    Unfortunately, the suit was thrown out after the errors were fixed. That sort of decision encourages these companies to be sloppy with their data gathering processes. Data processing professionals used to say “Garbage in, garbage out.”

  • The LA Times has an article, “ID Theft Coverage Draws Criticism.”
  • Finally, it’s been too long, but today Two Minutes Hate comes to you from…The San Jose Mercury News, who says that “Thieves go where the data is — while Congress just fiddles.” (Ironic for a company that insists on collecting data from you, or really, from Bugmenot.)

Choicepoint vs CIA

The New York Times has a long article on the successors to Air America, “C.I.A. Expanding Terror Battle Under Guise of Charter Flights.” The bit that really caught my attention was:

On closer examination, however, it becomes clear that those companies appear to have no premises, only post office boxes or addresses in care of lawyers’ offices. Their officers and directors, listed in state corporate databases, seem to have been invented. A search of public records for ordinary identifying information about the officers – addresses, phone numbers, house purchases, and so on – comes up with only post office boxes in Virginia, Maryland and Washington, D.C.

But whoever created the companies used some of the same post office box addresses and the same apparently fictitious officers for two or more of the companies. One of those seeming ghost executives, Philip P. Quincannon, for instance, is listed as an officer of Premier Executive Transport Services and Crowell Aviation Technologies, both listed to the same Massachusetts address, as well as Stevens Express Leasing in Tennessee.

No one by that name can be found in any public record other than post office boxes in Washington and Dunn Loring, Va.

In the past, the FBI could set up undercover agents, or those in the witness protection program, by talking to “the big three” credit agencies. If the CIA needed cover identities, they could do the same.

But today, “thanks” to the profusion of businesses dedicated to bringing public records access to everyone, these techniques no longer work. You can’t ask three patriotic businesses to help you; you’d need to give a list of identities to create to tens? hundreds? of businesses. I expect that the CIA believes at least one of those businesses is a front for Al Qaeda, and thus that handing out a list of covert officers is inconceivable.

Just another way in which privacy helps security.

The FBI Goes Undercover

The New York Times is reporting on a number of undercover investigations that have led to charges against people accused of helping or trying to help terrorists, in “Trying to Thwart Possible Terrorists Quickly, F.B.I. Agents Are Often Playing Them.”

The use of undercover agents is an excellent move by the FBI, and should be applauded for two reasons. First, it focuses investigation around techniques which the FBI is good at, not on unworkable and controversial data mining and privacy invasions. Second, because it raises the cost of acting as a terrorist sympathizer, by forcing them to ask “Is this real or a sting?”

There are important questions of entrapment, but in this case:

So when the supposed terrorists sought to have Mr. Grecula build them a bomb that he said could wipe out everything within 3,000 feet, he did not flinch, prosecutors said. “Of course, I don’t like how y’all are killing Americans, but America has asked for it,” he said, according to a court transcript. “They want a war, they got it.”

Oversight of these operations is crucial to avoid disrupting peaceful groups (a la CoIntelPro or CISPES.) We can hope that a desire to avoid another massive attack will be strong enough to overcome the FBI’s habit of letting these operations go astray.

Privacy and Courage

I met Hossein Derakhshan at Blognashville. He and I respectfully disagree about the value of privacy to bloggers in oppressive regimes. He points out (correctly) that a blogger who has the courage to use his or her own name gains credibility. While I don’t disagree, I think there are people out there who don’t blog because of the risk. And I’d like to help them.

But there’s a whole next level of courage, and that’s when a critic of a regime goes home to cover events. And as Wired News points out:

Soon he hopes to head back to Iran. On June 17, Iranians will go to the polls to elect a president. Derakhshan wants to be there to post reports on his blog, Editor: Myself. “I have this little window where I can go home,” he says, eyeing the retro-punks squeezing past the table on their way to the bar. “But it will still be very dangerous for me. On one hand, Iran will be on its best behavior because of all the foreign press covering the election. On the other hand, all it would take is one week of torture to give me years of nightmares.”

So, Hossein, my hat’s off to you, and I wish you an enjoyable and safe journey, and an uneventful flight home.

Speaking of Usability: Privacy and Openness

Jon Mills, who has been heading up Florida’s Committee on Privacy and Court Records, has an article in the HeraldTribune:

How do we balance the competing values of privacy and openness? The Internet makes possible greater openness, so indispensable to good government, and allows for greater convenience in accessing government services, including court records. However, such technology also places the privacy of Floridians at risk.

at the end of which, he invites public comment at the Florida Courts website. The draft report was a bit hard to find. (73 page pdf).

There’s a tough balance to maintain; what records are private? What information do you need to disclose to the courts? Should the Choicepoints of the world have unfettered access to that data?

If someone files a restraining order against an ex, do they have to disclose an address? If so, should that address, provided to the courts out of fear for one’s life, be made available to anyone who shows up at the courthouse?

Speaking of public records, The Virginia Watchdog does a great job of showing how much private information is available to anyone on the web.

Usability Testing

[Image: ok-cancel-cancel.png]

Nat Friedman has a good post on usability testing:

Over the last several months we at Novell have sent a team of people around the world with a portable usability testing lab…
It is amazing to watch the ways that people fall on their face. We’ve all read about the benefits of usability testing, but until you actually try to sit still through two hours of these videos, it isn’t a visceral experience for you. It is exciting, and totally emotionally exhausting. You squirm. And it focuses you like a laser.

For example, we asked a lady to send mail to a friend. Against all odds, she started Evolution (nothing in the menus indicates that it’s a mail program; something we hadn’t realized before but which was immediately obvious after watching her stalk one-by-one through the menu items muttering to herself along the way).

The correct next step would have been for her to click on the “New” button that’s in the upper-left-hand corner of the window. This button didn’t even register for her, however. Instead, because she wanted to “send” a mail, she clicked repeatedly on the “Send” part of the “Send / Receive” button just to the right. For about a minute.

The lovely dialog box is not from Nat’s testing, but from SunTrust’s Internet Banking Help pages. The very smart people over at Apple solved this by saying that dialog boxes should contain verbs, and maybe extra descriptive words. Perhaps “Cancel Payment” and “Don’t Cancel Payment” would make for fine buttons. Nah. Then what would the help desk people do?

(Speaking of usability, why can’t I just drag and drop an image into MarsEdit?)


The French have apparently rejected the EU Constitution. With 83% of the votes counted, it’s 57% Non, according to ABC news.

The draft constitution was, from my perspective, the worst of the new Europe: Opaque, complex and undemocratic. We can hope that new blood in the EU will press for a simpler, more transparent, and more responsive new constitution.

Of course, it’s also possible that France will simply ask its citizens to vote again and again until they get it right, or maybe they’ll buy voting machines from Diebold, which contain features to prevent this sort of embarrassing problem.

French Elections

You might not know it if you read only the American press, but the French voted today in a referendum on the European Union’s proposed Constitution. It’s an awful document, and the French are expected to reject it, plunging the EU into crisis, and leading to the Chancellor being made Emperor.

If the EU would like to roll ahead with a new constitution, we have a perfectly fine one that addresses a great many of the issues they’re fighting over. It’s time-tested, and we’re not using it out of copyright.

Social Security

I try to stay out of debates that have devolved into the red and blue halves of the Demopublican party screaming soundbites at each other. The party hopes that the American people won’t notice that they’re the same if they yell and scream a lot, and I try not to play their game.

C. Eugene Steuerle also declines to play their game, but he does it by actually sitting down and analyzing the social security issue, in depth. Scrivener describes him:

Steuerle is an economist who served in the Treasury for both Republican and Democratic administrations, and played a significant role in putting together the Tax Reform of 1986, which bi-partisanly lowered tax rates and broadened the tax base — the best tax law this country has seen in generations, and one that Congress has been hacking away at ever since.

As Scrivener says, his testimony before the House Ways and Means committee is hard to excerpt effectively. Read it. Then ask yourself, why is this sort of thing rare?

Only Two Cheers for the Jedi?

Bryan Caplan takes issue with his mentor, Tyler Cowen, over “The public choice economics of Star Wars: A Straussian reading.” (I also commented on that post.) Caplan says:

After Anakin’s betrayal, the remnant of surviving Jedi reveal their “secret and mysterious ends.” They turn out to be neither secret nor mysterious. Yoda and Obi-wan take on near-suicide missions to assassinate the Emperor and Anakin before they solidify their totalitarian rule. It’s about as diabolical as the German officers’ plot to kill Hitler.

So why only two cheers for the Jedi? Because their enduring virtue strains my suspension of disbelief. In reality, the power of the Jedi would swiftly attract talented but unscrupulous careerists. In a generation or two they would take over. In another generation these power-hungry pragmatists would turn to the Dark Side.

I’m not going to argue that power tends to corrupt, but would the Jedi order attract “talented but unscrupulous careerists?” The Jedi take their students very young. Some of the “younglings” seem to be 6 or 8 at most. Presumably, part of the reason for that is so that they can be raised to have scruples. Being brought up by the Jedi, you’re unlikely to have much privacy. Not only are you living in a temple, but the masters can sense your feelings and inner conflicts.

Finally, using the force requires training. Luke knows nothing of the force when he meets Obi Wan. So most unscrupulous trainees, who can’t manage to hide their feelings from their instructors, will be kicked out, untrained and unable to use the force.

My Navel, it is Fascinating!

I’ve played with the stylesheet for the web version of the blog, added an individual-i logo, removed the calendar and put the search bits in what seems like a more rational order. Some other general tweaks, too, in the hopes of making the web version aesthetically pleasing.

I knew you’d be thrilled.

[Update: fixed link. Thanks Dave.]

Sport Utility Bike?

[The] Freeradical S.U.B conversion kit … makes your favorite ride into the baddest sport utility bike on the planet. Forget panniers and racks on the front, or over the back tire that bump your knees and feet. Rather than relying on the strength of a single peg or gimbal on a bike trailer, the Freeradical bolts directly into the wheel peg holes in the back fork, with reinforcing braces so that it’s sturdy enough to carry darn near anything. And, since the extended wheelbase positions the carried load directly over the rear wheels, and low to the ground, handling is much more stable than on traditional bikes.

Sport utility bike? That’s like Porsche coming out with an SUV. Bad combo. Keep your sport and your utility separate.

From “TreeHugger,” via Gizmodo. PS to R: You and your rules!

Small Bits: Xrays, Free Speech, Law, Cowards and Crypto School


  • Justin Mason has a good post on the new backscatter radiation xray machines that TSA would like to deploy. My favorite part: They create child pornography. Interestingly, these are one of the relatively few places that a privacy invasion makes us safer. Also interesting is that different people perceive either the hand-pat or the naked searches as more intrusive.
  • Someone Wikid sent me a pointer to “Bush-As-Groucho Posters Spark Furor At High School,” with the choice quote:

    “We had one student who was very upset,” [Principal Kenny] Lee said. “If something is bothering a student on campus, we’re going to address it.”

    “Ummm, Principal Lee? It bothers me that you’re suppressing freedom of speech.”

  • Nanibetsuni points out that the Real ID act allows the Secretary of Homeland Security to waive any law to construct fences, without possibility of review.

    So not only can the Secretary indiscriminately murder, no one can bring him to court over it! Now this may sound like a bunch of sensationalist crap, but I’m not the only one who sees this giant hole in this law.

  • William Lind has a good essay on courage, common sense, and homeland security, Of Cabbages and Kings:

    The episode also reveals what has become one of the main characteristics of America’s “homeland defense:” a total inability to use common sense. We have already seen that in our airport security procedures, our de facto open borders immigration policy and the idiotic “Patriot Act.” Here, it seems that no one was willing to act on the obvious, namely that if a small plane is approaching Washington, it is probably because the pilot got lost (which pilots do frequently). Why? Because to bureaucracies what is important is not external reality but covering your own backside politically. Putting on shows serves that purpose well, even if the shows make us look like both fools and cowards.

  • Finally, Stefan Brands takes IBM to cryptography school in “On IBM “anonymous” data sharing software and snake oil.”

Purdue University, 11,360 SSNs, hacker

Purdue University is alerting current and former employees that their Social Security numbers and other information may have been illegally accessed from at least one of four campus computer workstations.

“Our investigation of a recent information technology security breach shows that the records of 11,360 current and former employees may have been accessed electronically,” said James R. Bottum, vice president for information technology. “We do not know how or whether the intruders intend to use this information, but we are alerting everyone who may have been affected because this information could be used to commit identity theft.”

Purdue web site with FAQ, mentioned in the U Chicago thread on Slashdot.