Politics and Money: Transparency and Privacy

[Image: Prop 8 donor map and privacy]

(Or, the presentation of self in everyday donations)

So I’ve had a series of fairly political posts about election finance, and in one of them, I said “I’d prefer that the rules avoidance be minimized, and I think transparency is the most promising approach there.”

Well, in the interests of transparency, I need to comment a little in the wake of a lawsuit in California over transparency and Proposition 8. Two stories: “Marriage Ban Donors Feel Exposed by List:”

“Some gay activists have organized Web sites to actively encourage people to go after supporters of Proposition 8,” said Frank Schubert, the campaign manager for Protect Marriage, the leading group behind the proposition. “And giving these people a map to your home or office leaves supporters of Proposition 8 feeling especially vulnerable. Really, it is chilling.”

and today, “Prop. 8 campaign can’t hide donors’ names.”

Setting aside all the irony of proponents of an initiative suing to overturn law passed under another initiative, the law was the law when they made their donations. What did they think was going to happen?

But it’s not all that simple. There’s a strong argument for allowing proponents of unpopular causes to organize themselves in a way which is free of reprisals. For allowing them privacy. There’s important privacy law in NAACP vs Alabama, about the right to associate privately for political change.

On the one hand, I think that privacy is an important right, and should not be subjected to harsh tests. (Had Alabama prevailed, death by lynching was a likely outcome for at least some of the people on the list. I don’t want to see private association subject to a grievous harm sort of test.)

On the other hand, those who want to take away the rights of others should perhaps be asked to air their public policy beliefs in public. If they can’t take the heat, get out of the kitchen.

On the gripping hand, this raises a hard tradeoff. What should we do? (Whatever we should do, we should keep it civil as we discuss it.)

[Update: Part of the reason I reference NAACP vs. Alabama was to allude to the fact that sometimes the unpopular speech is speech against government. The NAACP fought to keep their membership private because they knew that the Alabama government was lousy with Klan members. Had the list been turned over, members would have been murdered. That in this case, we might see anti-harassment laws enforced is not an argument against the general need for privacy for those with unpopular views.]

Will Proof-of-Work Die a Green Death?


In the Cryptography mailing list, John Gilmore recently brought up an interesting point. One of the oft-debated ways to fight spam is to put a form of proof-of-work postage on it.

Spam is an emergent property of the very low cost of email combined with the effect that most of the cost is pushed to the receiver, not the sender. The thinking goes that if you can trivially increase the cost to the sender, it disproportionately affects the spammer, and thus tilts the economics back to us from them.

The proposition has always been debatable. Laurie and Clayton wrote a paper in 2004 challenging the idea, and I’ve never seen a full refutation of it. Moreover, the balance may even be tipping more to the spammer. The major problem with proof-of-work is that legitimate senders are often on limited devices like smartphones and the spammers are on compromised servers. Systems to harness compute power in graphics cards such as OpenCL can unbalance the system.

There is also the related problem that the costs of power and cooling (which is another way to say power) of a computer over its life are often more than the hardware costs. This has been a huge fly in the ointment of grid computing.

Gilmore, however, says:

Computers are already designed to consume much less electricity when idle than when running full tilt. This trend will continue and extend; some modern chips throttle down to zero MHz and virtually zero watts at idle, waking automatically at the next interrupt.

The last thing we need is to deploy a system designed to burn all available cycles, consuming electricity and generating carbon dioxide, all over the Internet, in order to produce small amounts of bitbux to get emails or spams through.

I think he’s got it spot on, and whatever we do, Proof-of-Work is now in the recycling bin.
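The proof-of-work postage idea discussed in this post, as an added example that is not from the original post or the mailing-list thread: a hashcash-style stamp in Python. The stamp layout, the use of SHA-256, the 12-bit difficulty, and the address and date are assumptions chosen for illustration.

```python
import hashlib
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def mint(recipient: str, date: str, bits: int):
    """Sender side: brute-force a counter until the stamp's hash has
    at least `bits` leading zero bits. Expected cost: about 2**bits hashes.
    Returns (stamp, hashes_tried)."""
    for attempts, counter in enumerate(count(), start=1):
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        digest = hashlib.sha256(stamp.encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return stamp, attempts


def verify(stamp: str, recipient: str, min_bits: int, seen: set) -> bool:
    """Receiver side: a single hash plus bookkeeping."""
    try:
        claimed_bits, _date, rcpt, _counter = stamp.split(":")
        claimed = int(claimed_bits)
    except ValueError:
        return False                      # malformed stamp
    if rcpt != recipient or claimed < min_bits:
        return False                      # minted for someone else, or too cheap
    if stamp in seen:
        return False                      # a stamp pays for one message only
    digest = hashlib.sha256(stamp.encode()).digest()
    if leading_zero_bits(digest) < claimed:
        return False                      # the claimed work was never done
    seen.add(stamp)
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from any real mail system.
    spent = set()
    stamp, hashes_tried = mint("alice@example.org", "090127", bits=12)
    print(f"stamp={stamp} sender_hashes={hashes_tried} receiver_hashes=1")
    print("first delivery accepted:", verify(stamp, "alice@example.org", 12, spent))
    print("replay accepted:", verify(stamp, "alice@example.org", 12, spent))
```

The `hashes_tried` figure is the per-message cost the sender pays, while the receiver pays one hash; raising `bits` by one doubles the former and leaves the latter unchanged.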

Photo “Proof of Living” by yuankuei.

“EPC RFID Tags in Security Applications”

I just finished an interesting paper, K. Koscher, A. Juels, T. Kohno, and V. Brajkovic. “EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond.”

In the paper, they analyze issues of cloning (easy), read ranges (longer than the government would have you believe) and ‘design drift’ (a nice way of saying that the Washington State EDL can be read in its protective sleeve). But that’s not what I wanted to talk about. What I want to talk about is the strikingly experimental nature of the paper, and how unfortunately rare that seems to be. Throughout the paper, the authors describe what they did and what they observed. (“..we used an Impinj Speedway R1000 reader with a Cushcraft S9028PCL circularly polarized antenna..” “The TID reported by our Passport Card is E2 00 34 11 FF B8 00 00 00 02…”)

In far too many papers which purport to be about computer security, there’s a lack of hard detail. Take for example, my own “Experiences Threat Modeling at Microsoft.” While I’m happy with the paper, and it explains a great deal about what we’ve learned, it doesn’t contain nearly as much measurement of threat models as I would have liked. (Of course, figuring out what to measure about threat models was one of the goals of the paper.)

For another example, take the widely reported upon “Overwriting Hard Drive Data: The Great Wiping Controversy,” which doesn’t so much as report what equipment they used. I would not rely on that paper not only for their lack of detail or their wearing their bias on their shoulder, but because demonstrating that Wright, Kleiman and Sundhar can’t figure out how to read a disk is not the same as saying that no one could figure it out. Had they explained how to figure it out, that would be far more conclusive and interesting.

I shouldn’t be struck by descriptions of experiments and facts reported.

Request your travel records

Speaking of how you’re presented and perceived… “How to request your travel records,” by Ed Hasbrouck.

By popular demand, I’m posting updated forms to request your PNR’s and other records of your international travel that are being kept by the U.S. Customs and Border Protection (CBP) division of the Department of Homeland Security (DHS)…

If you made a similar request before, the answer you got (if any) was almost certainly incomplete. If you want to know all of what’s really in your file, you should probably make a request again, using this updated form.

The Presentation of Self in Everyday Tweeting

Chris Hoff pointed to an interesting blog post from Peter Shankman. Someone* tweeted “True confession but I’m in one of those towns where I scratch my head and say ‘I would die if I had to live here!'”

Well it turns out that…

Not only did an employee find it, they were totally offended by it and responded to the agency person. The kicker is that they copied the FedEx Corporate Vice President, Vice President, Directors and all management of FedEx’s communication department AND the chain of command at (his employer).

Now, the twit who tweeted was clearly a twit, having mixed business and personal in a way that offended a major client. But let’s step back.

First, it’s important to remember that we all have personal lives, and it’s a good thing to be able to separate them from our work lives. If you work in IT and want to blog about gardening, no one is going to confuse things. Where it gets a little grey is when we’re deeply enthused about our work. I blog under my real name about topics that impact my employer. Not all–there are posts that haven’t seen the light of day because they’re too close. Sometimes, I cover work here when I’m really excited about it. My co-workers at Microsoft and my colleagues at Waggener Edstrom also understand that Emergent Chaos is separate, and have never asked me to post anything here.

Second, I think it’s important to generate a zone of professionalism where it is seen as reasonable for seasoned professionals to comment on things which impact their employers without a presumption that they speak for their employer. This is not without challenges. If we’re naive about it, we create a zone of shills where people are paid to speak for their employers, and lie. At the same time, there are people with a degree of experience, maturity, and wisdom where you want them to be free to speak. Similarly, Microsoft’s willingness to accept my continued posting here without a lot of oversight made me happier in accepting their job. There are lots of companies which would have said “no way.”

Third, I think you need to telegraph where the difference is. Here, it’s very clear that we speak for the President of the United States, not our employers. When I mention Microsoft, I try to be clear, although in reviewing posts, I seem to have fallen down a little. A post like “SDL Announcements” is pretty clearly me speaking about work:

I’m in Barcelona, where my employer has made three announcements about our Security Development Lifecycle, which you can read about here…I’m most excited about the public availability of the SDL Threat Modeling Tool. I’ve been working on this for the last 18 months…

(Speaking of clear, not all of the posts in the category are by me.)

The title is of course, a reference to the classic work of sociology, in which Goffman explains that we all present different facets of ourselves in different contexts. In blurring these contexts, services like Twitter and Facebook present a serious challenge to how we conceptualize and present ourselves.

Photosynth and the inauguration

So what do you do with the million photos everyone took of the inauguration? Here at Emergent Chaos, we believe that we should throw them all in a massive blender, and see what emerges. A massive blender isn’t a very technical description of Photosynth, but it’s not a bad analogy. The project cleverly figures out what information is available from all the photos, creates a massive, three dimensional model, and makes it available. Here’s “The Moment,” hosted by CNN and Microsoft Live Labs, pixelated by my shrinking it down and adding the frame from a screenshot:


I think it’s tremendously cool. There’s no pre-organization. It’s not some massive machine stitching together a gigapixel image from one place. People take photographs chaotically, submit them sporadically, and what emerges is amazing. Why not go explore?

(Disclaimer: I’m pretty sure I’d say the same thing even if I didn’t work for Microsoft.)

A nudge in the right direction?

I am surprised I hadn’t heard about the book Nudge, by Cass Sunstein and Richard Thaler.

I haven’t read it yet, but from the web page it seems to be about how policymakers can take into account the heuristics and biases characteristic of human decision-makers and create a choice architecture which yields “proper” decision-making.

I confess that this whole line of thinking is somewhat alien to me, and that I never cared much about psychologists trying to understand how we think, since many of their explanations could also be seen as just-so stories. Of course, with amazing advances in brain imaging that has changed, and I am realizing that I should have given these folks more respect.

Why should anyone care? Sunstein (who is the most cited legal scholar in the U.S.*) is now the head of the Office of Information and Regulatory Policy for the Obama administration.

* He does not, however, seem to have an Erdös number

Abuse of the Canadian Do Not Call List

The Globe and Mail and the CBC each report that Canada’s Do Not Call list is being used by telemarketers both good and bad (where each term is relative).

This is a bit sad for Canada. The US’s DNC list has been very successful, and one of the very few places where the US has leadership in privacy. Before the DNC list, I used to get a dozen or so calls a day. The annoying ones would be the junk faxes coming to our main line between 3am and 6am. The nightly ritual had to include taking the phone off the hook for some time. These days, the only issue we have is the people we affectionately call “The Illegal Carpet Cleaners.”

On the other hand this is an opportunity. There’s a fine of up to $15,000 for violating the DNC list in Canada, and this could easily be a profit center for the privacy commission. If I were a legitimate firm in Canada, I’d be looking closely at my marketing plans now. No one’s going to feel sorry for the company that is found to have been calling people from a stolen DNC list.

Both articles point out that complete fraudsters are an issue, and companies such as “a Caribbean telemarketer selling fake Caribbean cruises” now have more numbers they can use. But those numbers are stolen property of a sort, and toxic. They can be a tool against foreign scammers. After all, the tourist board of said Caribbean island wouldn’t want to seem uncooperative to people trying to stop fraud and dinner interruptions. If I were a scammer, I’d also want to examine the phone numbers I have recently gotten, because those could be dangerous to have as well.

It remains to be seen how Canada will handle it, how they’ll track down the loss, how they’ll recover from it. It will be interesting to watch, because they’re good and they take privacy seriously. There’s the potential for some seriously tasty lemonade to be made from these lemons. I have my fingers crossed.

The New Openness?

This photograph was taken at 11:19 AM on January 20th. It’s very cool that we can get 1 meter resolution photographs from space. What really struck me about this photo was.. well, take a look as you scroll down…

[Image: Obama inauguration from space]

What really struck me about this is the open space. What’s up with that? Reports were that people were being turned away. Why all the visible ground? Were those areas still filling in? Did security procedures keep away that many?

You can click through for a much larger version at the Boston Globe. [update: even larger version at GeoEye, purveyors of fine space imagery.]

The New Administration and Security

Quoting first from Obama’s inaugural address:

The question we ask today is not whether our government is too big or too small, but whether it works — whether it helps families find jobs at a decent wage, care they can afford, a retirement that is dignified. Where the answer is yes, we intend to move forward. Where the answer is no, programs will end. Those of us who manage the public’s dollars will be held to account — to spend wisely, reform bad habits, and do our business in the light of day — because only then can we restore the vital trust between a people and their government.

and then from the new Director of National Intelligence:

In an unusual comment from a man who will head the most secret agencies of government, [Dennis Blair] said, “There is a need for transparency and accountability in a mission where most work necessarily remains hidden from public view.” He said that if confirmed, he would “communicate frequently and candidly with the oversight committees, and as much as possible with the American people.” (“Blair Pledges New Approach to Counterterrorism,” NYTimes)

I was struck by Obama’s focus on transparency in his address, and I was struck by how easily we can substitute in ‘information security,’ “those of us who manage information security dollars will be held to account — to spend wisely, reform bad habits, and do our business in the light of day — because only then can we restore the vital trust…”

From the perspective of executives, information security spending is often wasteful. If you can see security problems, the money wasn’t spent well. We have a tendency to move with fads, and we certainly cover up our problems. For these reasons, we’re too often not trusted advisors to our businesses, but rather, we’re seen as obstacles.

The advice of Obama and Blair is something that we can all heed. Everyone knows there are security problems. It’s time, or even past time, to stop with the secrecy around most problems. We can communicate more freely. That’s change you should believe in.

Pinch me…

The Freedom of Information Act should be administered with a clear presumption: In the face of doubt, openness prevails. The Government should not keep information confidential merely because public officials might be embarrassed by disclosure, because errors and failures might be revealed, or because of speculative or abstract fears. Nondisclosure should never be based on an effort to protect the personal interests of Government officials at the expense of those they are supposed to serve. In responding to requests under the FOIA, executive branch agencies (agencies) should act promptly and in a spirit of cooperation, recognizing that such agencies are servants of the public.

All agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open Government. The presumption of disclosure should be applied to all decisions involving FOIA.

Presidential memorandum, January 21, 2009

A few Heartland links

Well, Mordaxus got the story, but I’ll add some links I found interesting or relevant.

StoreFront BackTalk has “From The Heartland Breach To Second Guessing Service Providers.” Dave G at Matasano added “Heartland’s PCI certification.” The Emergent Chaos time travel team already covered that angle in “Massachusetts Analyzes its Breach Reports:”

What’s exciting about this is that we’re seeing the PCI standard being tested against empirical data about its effectiveness. Admittedly, the report jumps to conclusions from a single data point, but this is new for security. The idea that we can take a set of “best practices” and subject them to a real test is new.

Rich Mogull points out that:

This was also another case that was discovered by initially detecting fraud in the system that was traced back to the origin, rather than through their own internal security controls.

IDS users, vendors or advocates care to comment on why that’s happening?