The Pennsylvania school district being sued for allegedly spying on students now claims the feature was only used to recover stolen laptops.
Recovering a stolen laptop is an objective that most people would accept as valid. But at the very least the school district's implementation has created a major legal liability. Even if they 'win' the lawsuit they could easily spend a million dollars in legal costs.
What should the school district have done instead?
Disclosure: Any security mechanism that you would not want to disclose to your users is likely to be a bad idea. A mechanism that is kept secret to avoid controversy is a very, very bad idea.
Dual controls: Banks require every important operation to involve at least two people. It's not just to reduce the risk of embezzlement, it's to provide protection for the personnel. If one employee could open the safe by themselves they would be a target for kidnappers and if any money did go missing they would be a suspect.
Audit Trail: Every system that could be misused should generate a tamper-proof audit trail.
Security people don't just ask 'what is the worst that can happen', they think 'what is the worst that someone could be accused of'.
Adding the necessary controls does not need to create excessive overheads. Simply generate a unique access code for each end point and seal the access codes in tamper-evident bags. Make the custodian of the bags a different person to the one that has the password for the recovery system. Alternatively use a software based mechanism to enforce dual controls.
This problem has been solved for a decade in key recovery systems. There really is no excuse for not applying that technology.
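One way to build the software-based dual control and audit trail described above, as an added example that is not code from the original post. The names `split_code`, `AuditLog` and `release_code`, and the endpoint and staff names used with them, are hypothetical; the hash-chained log is tamper-evident rather than tamper-proof, and it assumes the latest hash is also recorded somewhere the operators cannot rewrite.

```python
import hashlib
import json
import secrets

def split_code(code: bytes):
    """Split an endpoint's access code into two shares; either one alone is random noise."""
    pad = secrets.token_bytes(len(code))
    return pad, bytes(a ^ b for a, b in zip(code, pad))

class AuditLog:
    """Append-only log in which each record commits to the hash of the previous one."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    def _digest(self, prev, event):
        body = json.dumps({"prev": prev, "event": event}, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()

    def append(self, event: dict):
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        self.records.append({"prev": prev, "event": event,
                             "hash": self._digest(prev, event)})

    def verify(self) -> bool:
        """Recompute the chain; an edited, removed or reordered record breaks it."""
        prev = self.GENESIS
        for r in self.records:
            if r["prev"] != prev or r["hash"] != self._digest(prev, r["event"]):
                return False
            prev = r["hash"]
        return True

def release_code(endpoint, custodian, share_a, operator, share_b, reason, log):
    """Recombine the access code only when two different people each present a share."""
    if custodian == operator:
        log.append({"endpoint": endpoint, "by": [custodian], "result": "denied"})
        raise PermissionError("dual control requires two distinct people")
    # The attempt is logged before the code is handed back, so every release leaves a record.
    log.append({"endpoint": endpoint, "by": [custodian, operator],
                "reason": reason, "result": "released"})
    return bytes(a ^ b for a, b in zip(share_a, share_b))
```
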
Friday, February 19, 2010
What should the School District have done?
Tuesday, February 16, 2010
Clueless pundits
What I find most depressing about the state of the Washington Post is the sheer political cluelessness of some of their pundits. Lane argues that Bayh's last-minute withdrawal from the race has set him up for a Presidential run against Obama.
There are many problems here, not least the fact that there really isn't a constituency in the Democratic party base that thinks Obama has failed to be sufficiently open to working with the Republicans.
I suspect that his timing was designed to prevent a big name GOP candidate from entering the race. But most party activists seem to have assumed that his real objective was to ensure that the party apparatus would install a blue dog candidate. That has pretty much made the Bayh brand toxic as far as national politics goes.
Bayh's departure appears to be driven by pique as the loss of the supermajority and the GOP tactics of total obstruction have transformed his role from cloture power-broker to a marginal player in the reconciliation-rules 51 vote game.
Monday, February 15, 2010
Human Error
According to the Olympic committee it was 'Human Error' that caused the death of luger Kumaritashvili.
I beg to differ. Human error was merely the cause of the crash. The crash was fatal because the luger collided with an unprotected steel support.
Every corner on a Formula One track is protected with walls of rubber tires. The speeds are faster, but the drivers are riding in reinforced chassis designed to withstand high speed impacts. It might be that no amount of protection would have been sufficient, but failure to provide any would seem to be negligent.
But whatever the cause is ultimately determined to be, any judgment made at this point is premature.
Friday, February 12, 2010
Woods not a good Buick salesman
One of the things I could never understand about GM was why they paid Tiger Woods to be the pitchman for Buick. It always seemed an odd fit, and it seems that I was right [USA Today].
My impression of Buick was that it was little more than an excuse to charge a slightly higher price for a range of uninspiring sedans made from standard GM parts. That is not an impression that you break by paying a celebrity to drive it when they would obviously be much happier in a Porsche or a Ferrari.
Seeing Woods step out of a Buick was never going to make people think 'hey I want to drive what he drives'. To the extent the brand of the car registered at all most people would think either 'rental' or 'being paid to drive it'.
People understand that Woods is also paid to tout the goods Nike makes in low wage sweatshops of course. But there the idea is that the spokesperson has at least some input into the goods on sale. It is unlikely he would stay with Nike clubs and balls unless they were amongst the best in the industry, there is the expectation that he at least sees the clothing range before it launches.
Arnold Palmer was a very successful spokesperson for Rolex for the simple reason that it was totally believable that a Rolex is what Palmer would choose to wear. It is hard to imagine many spokespersons of whom that would be true for Buick, which is probably why the brand is best buried.
Tuesday, February 09, 2010
Everything you need to know about shooting the news…. « Photo Traveler
All you need to know about news journalism [h/t Bob Krist]
Friday, February 05, 2010
No Flash on the iPad
The New York Times joins the long list of journals who fail to mention the most likely reason that Apple refuses to implement Flash on the iPad.
Apple has made clear that its intention is to control both the platform and the applications that run on the platform. Like the video game console makers, Apple wants to tax every application provider.
Support for Flash would provide another means of putting applications on the iPhone. And so Apple will refuse to support Flash whatever the status of the specification or the implementation until they abandon the 'application tax' model.
Is there any chance Apple will change? As with every other first generation Apple product, the iPad lacks rather a lot of features that appear essential. It is pretty obvious that the next version will have a camera for doing video conferencing. I think that they are going to find they are forced to support real USB and an SD card as well.
Apple does quite well spinning the fact that obviously essential features are missing. When the first iMac was launched it lacked a floppy drive because the box had originally been made as a 'Network PC' and repurposed as a home PC. Jobs argued that the lack of a floppy or a CDRom was because people would download programs from the Internet. This story has even been repeated this week as evidence for how 'prescient' Jobs has been in the past. Which is rather silly since there was an optical drive on the next iMac and every model since.
When the iPhone came out the big question was not whether it would make a good computer but whether it would be a usable phone. Experience of the HP iPaq range was that computer company phones were to be avoided. Rival phone makers have spent the three years since trying to catch up with the first iPhone. The fact that the iPhone is a vendor locked application platform was not a big deal to me as it was the first phone that you could run a useful application on without the thing crashing (yes, I mean you Palm).
The iPad is a computer and this time Apple is up against the rival computer makers. I don't much care how good Apple's eBook store is, I am going to buy my eBooks from Amazon which lets me read them on my Kindle, my PCs or in the very near future my Macs. The first generation iPad clones will probably be somewhat nasty. But if they have an SD slot and a proper USB port and let me write my own applications they are already looking like a better buy.
Apple is certainly going to try to roll their iPhone/iTouch application tax model onto the iPad but this time it's going to fail. And when it does we will probably see the model starting to unwind on the iPhone as well. If Google Android based pad computers beat out the iPad they are going to establish a developer base to make them competitive with iPhone.
Wednesday, February 03, 2010
Word Stupidity
For years, the defaults for making references to other parts of a document in Microsoft Word have been insane.
First off there is the stupid dialog box.
There are eight default objects that Word lets you link to, but the drop-down menu only shows the first six. For some reason the options for 'Table' and 'Figure' (i.e. the types of object people are most likely to be adding a cross-reference to) appear at the bottom, so you have to scroll down to see them.
The other bizarre choice is that the default is to insert a reference to the Entire Caption. Does this ever make sense?
The net is that the user has to scroll through two drop down menus every single time they insert a reference. Word does not seem to have an option to add in a shortcut. And the default options are reset each and every time the dialog appears.
Abdulmutallab speaks
So, Abdulmutallab, the 'crotch bomber', has been co-operating with investigators 'despite' the use of standard FBI process [NY Times].
This should hardly be a surprise. Police are trained to perform interrogations, they have years of experience. CIA agents are not.
Even so, the latest Republican Party talking point is the rather weird claim that reading Abdulmutallab his Miranda rights may have persuaded him to stop talking.
Let us recap the circumstances of Abdulmutallab's arrest. He was taken off the plane he had attempted to bomb. He had severely injured himself in the attempt to detonate the bomb. The passengers and crew had at a minimum removed his trousers and underwear. It seems quite likely that after discovering the bomb in his underpants, the passengers/crew had stripped him completely naked.
Given those circumstances, it seems rather unlikely that Abdulmutallab would have any expectation of a not-guilty verdict.
How could talking to the investigators possibly make Abdulmutallab's case any worse? He can't claim mistaken identity, he can't plausibly deny carrying the bomb, being aware of carrying it or attempting to detonate it.
Abdulmutallab is certain to receive a life sentence regardless of what he says. This is not a difficult case where a confession or an unintended slip is going to make the difference between conviction and acquittal. It is as close to being an open-and-shut case as they come.
The only chance Abdulmutallab has to improve his living conditions during his life sentence or to earn the possibility of parole in the distant future is to co-operate.
Incidentally, the man appears to have burnt away his penis in the attempt. How could torture do anything more than give him something else to think about? If he is being waterboarded he is going to blame his captors for his situation. If he is being treated as an ordinary criminal he has plenty of time to build up resentment against the group who caused his injury.
At the time of his arrest Abdulmutallab was probably expecting to be taken to Gitmo and subjected to torture. The point at which his Miranda rights were read would be the first point at which the actions of the authorities significantly departed from his expectations.
Wednesday, January 27, 2010
iPad - missing the point
All the reviews for the Apple iPad seem to be positioning it as a Kindle competitor.
This is rather silly as the point of kindling is that you use it to start the fire. It is the first fuel to be consumed.
To understand where Amazon is going with Kindle people should look to the fact that there is already a Kindle viewer for the iPhone which according to the Apple site should work on the iPad unless Apple is silly enough to attempt to block it. There is also a Kindle reader for the PC and a reader for Mac is promised.
The point of the Kindle was to allow Amazon to build an early lead in the eBook market and to prevent Apple from dislodging it in the way that Apple has managed to dismantle the power of the record labels. Kindle has clearly met that objective.
The iPad is simply a logical extension of the Kindle concept that is optimized for video, games and pictures rather than a dedicated book reader.
Rather too much is also being made of Amazon's recent 'change' in their pricing policy. Under the old pricing policy the publisher got 30% of the recommended retail price, which Amazon routinely discounted by a third. So the publisher would recommend a price of $15, which Amazon would discount to $10, and the publisher would receive $4.50 per copy. Under the new scheme the publisher gets 70% of the sales price provided they agree to a recommended price of $2.99 to $9.99 that is at least 20% lower than the hardcover price and agree to enable text-to-speech. So the royalty rates are actually rising from 45% to 70% and only if the publisher is also willing to take a considerable price cut. The net result is that it makes little sense for a publisher to charge more than $9.99 for a Kindle book unless they are going to charge a minimum of $23.33.
Amazon is still making a nice profit from Kindle sales, but their cost of sales is no longer negligible. Associate fees are 10% of Kindle sales and the costs associated with payment processing and running the Amazon site and brand are likely to take up another 10%. Kindle royalties might rise a little further in the future, but any rise is going to significantly cut into Amazon's profit.
Why charging illegal entry?
Someone asked me why O'Keefe has been charged with illegal entry rather than wiretapping.
The answer is that this is likely a holding charge. The prosecutors have all the evidence they need to win a conviction for attempting to gain entry to Federal property for the purpose of committing a crime. That alone carries a sentence of ten years. Burglary is the act of breaking and entering for a criminal purpose. The actual taking of property is a separate offense: theft.
But the FBI and the prosecutors will almost certainly be adding additional charges before taking the case to a grand jury. They will also be looking to see if the group have attempted any other break-ins and in particular the possibility that they might have succeeded.
What charges are likely? Well the Pellicano case is a fairly close comparison. Pellicano was eventually sentenced in December 2008 to 15 additional years in prison, and ordered (with two other defendants) to forfeit $2 million [Wikipedia].
Pellicano was engaged in his activities for several years and so he was charged with RICO Conspiracy. He also attempted to cover up his activities and so he was charged with witness tampering, false statements and destruction of evidence.
Of the Pellicano charges, the charge of Interception of Wire Communications does not apply on the basis of the facts set out in the indictment. It would apply if the conspirators had been allowed to actually place the wiretap and it was used to intercept a communication. But had that happened I would expect it to have been reported in the affidavit and charged as per the indictment. It may turn out that the conspirators intercepted other communications in which case they would be liable for either a one year or a five year sentence depending on the circumstances.
A count of Possession of an Electronic Communication Interception Device (18 USC 2512) seems likely, but that only has a sentence of five years.
According to the facts as we currently understand them, the activities of O'Keefe and his conspirators were nowhere near as extensive as those of Pellicano, nor did they succeed. But against that there is the fact that they attempted to bug the telephone of a United States Senator.
