Time puts the resignation of Foley down to 'today's brand of personal politics'.
Leaving aside the fact that Foley resigned hours before the news broke leaving no time for personal attacks, when was there ever a time when his actions might have been excused?
Even if Foley had not campaigned against the very type of behavior he was found guilty of, soliciting sex from an underage subordinate would mean an instant end to a political career even if the politician was straight.
The only real difference here is the technology. In earlier days the solicitations would be made by telephone or in person. Email is a problematic medium combining spontaneity, intimacy and permanence.
Email makes frequent appearances in the Abramoff saga. Better not put this stuff in writing. I have seen intercepts in cases where the conspirators ask 'do you think they might be reading this'.
If email was merely making it easier to catch wrongdoers there would be no problem. But it seems likely to me that the characteristics of email that help get the criminals caught are encouraging the criminal behavior.
Saturday, September 30, 2006
Friday, September 29, 2006
Variety reports on WalMart's demand that Apple share a part of the download pie.
Conventional wisdom is that no manufacturer can afford to ignore WalMart. After all who can say no to 20% of their sales revenue? Actually many well run companies can and do, particularly when they are selling bits rather than atoms.
A maker of baked beans or breakfast cereal has fixed capital costs. The sudden loss of 20% of their revenues goes straight to the bottom line.
The same is sometimes true of digital content. A shopper who does not pick up Pirates of the Caribbean next to the till at WalMart may not buy it at all. But the convenience of buying at WalMart cannot possibly compare to the convenience of having the film available for viewing whenever and wherever the consumer decides they might want to watch it.
If Disney Studios was owned by a baked bean company it might make sense for them to capitulate to WalMart's demands. As Disney Studios is part of a much larger and diverse media empire, building its place in the next generation distribution channel is much more important for the company than short term profits on the small number of blockbusters that WalMart deigns to sell.
Thursday, September 28, 2006
Tuesday, September 26, 2006
The National Intelligence Estimate describing the current state of Al Qaeda has been released. While most attention is likely to be focused on partisan interpretations of the document, it makes some other important points.
In particular Al Zawahiri, the former head of the Egyptian group called Islamic Jihad, is considered to be at least as great a threat as Bin Laden himself. The report suggests that if Bin Laden were eliminated and Al Zawahiri became sole leader he could make a broader appeal to Muslims than the narrow sect Bin Laden belongs to and thus pose a much greater threat.
Monday, September 25, 2006
Adam reports that a nude sunbather was spotted on Google Earth. Usual privacy concerns etc. etc.
My take is why did it take so long to find someone? Hasn't there been something like a hundred million teenagers scouring GE for something like this ever since they started?
Now wait for six people to sign book deals and try to get on Oprah, all claiming to be the nude Google sunbather guy.
Saturday, September 23, 2006
If you have children aged 5-10 and want to get them interested in physics and engineering take a look at Crazy Machines. The game has 102 puzzles that have to be solved by making various contraptions with magnets, pulleys, gears, motors, generators and so on. Some of the physics is somewhat questionable but they get the basics of Newtonian mechanics, friction etc. right.
The only problem with the game is getting it running. We had to turn on some DirectX extensions that had been turned off to get another program to run.
The same version of the program runs on Windows or Mac.
Friday, September 22, 2006
Tuesday, September 19, 2006
Over the past few weeks I have been acquiring a set of wire wheels for my MGB. Unlike the current wheels, which have the standard four lug nut arrangement keeping them on the car, wire wheels have a single nut at the center of the wheel like race car wheels.
This arrangement was the cause of some concern. What if the nut comes undone? The wheels are spinning after all and nuts do have a habit of working loose.
As I started reading up on how to fit the wire wheels I discovered that my concern was somewhat misplaced. The nuts that are visible simply hold the wheel to the hub and the brake assembly. If the visible nuts held the wheel to the car chassis there would be no way for it to turn.
So what holds the hub to the axles? A single medium sized nut hidden underneath a grease cap which is covered by the hub cap. So should I be less worried because this arrangement demonstrates that one nut is adequate or more worried because I now know that there are two single points of failure rather than one?
Thursday, September 14, 2006
So Saddam claims he was not a dictator, the judge agrees. It's only a matter of time before the blogosphere goes wild.
But what the judge actually told Saddam was that he was not a dictator but he was allowed to behave like one. In other words Saddam was never granted dictatorial powers and always claimed that his rule had the thin veneer of legitimacy.
Saddam is currently being tried in a civil trial under Iraqi law. If the court accepted that he was a dictator this would be impossible. By definition a dictator is not subject to national law; the essence of dictatorship is that the dictator sets themselves above it.
If Saddam was recognized as a dictator he could not be tried in a national court under existing national law. The only options would be to create new national laws with retrospective effect or to try him in an international court.
While there is certainly enough justification to charge Saddam with war crimes the Iraqi government and the US occupation prefers a national trial. One of the many reasons for this preference being that the international courts no longer recognize the death penalty.
So unpacking what the judge really said to Saddam he did not say 'you were not an evil dictator', instead what he said was 'you are on trial as a common criminal and will face the death penalty if convicted'.
Forbes.com reports that an LA talk show also accessed Arnie's web site.
You would think that with all his experience fighting robots etc Arnie would know better.
Part of the problem is incompetence. Private data should never be stored on a public Web server. Come to that didn't US politicians learn to stop taping themselves after the Nixon Watergate tapes became public?
A larger part is the fact that computer security systems are too hard to use. A large part of the problem is the fact that we still use systems designed to protect access and not data. It is not surprising that ACL based security schemes broke down when 300Gb disks cost $200. In the traditional model, access controls are applied to the directory entry describing where a resource is stored. When the file is moved the access controls are lost.
If we are going to have security systems that work we need to apply the security protections to the data so that the access controls move with the data. In other words we need a DRM/CRM type security system.
Wednesday, September 13, 2006
The only surprise here is that they can do this openly for so long.
Adam asks was ATT negligent in using the last four digits of the SSN for authentication?
A four digit password that is widely published and does not change for up to a century is hardly an effective security measure. There is unfortunately a big difference between 'ineffective' and the legal standard for 'negligent'.
I don't think that a case against ATT is very likely. If a case was going to be brought it would be against HP, the investigators and the agency they used.
If a case was brought ATT would certainly point out that they were simply following a widespread industry practice here. Last four digits of SSN is arguably as strong or stronger than mother's maiden name or favorite pet (fido or fluffy). Unlike mother's maiden name or favorite pet, the use of a false SSN is a criminal act in itself.
Combined with other controls, SSN could be reasonably secure. Why were the phone records being sent anywhere other than the customer's billing address? Why do people think we need immediate access to our telephone calling logs anyway? Why is it the responsibility of the phone company to track who we call?
The legal standard for negligence is the Hand test: the probability of harm multiplied by the cost of harm is greater than the cost of an effective control.
The HP incident came only a few days after the existence of the cell phone records 'services' became widely known. Until then the incentive for stealing records and thus the probability of harm would arguably be low - in this case arguably meaning 'a jury might be persuaded'.
SSN verification might be viewed as being equivalent to a door lock, it offers little security in itself but breaking it provides a clear indication of criminal intent.
I don't see much hope of demonstrating negligence in this particular case. But what happens when the phishing gangs and the advance fee fraud gangs work out a way to work this type of activity into their schemes? Identity theft is all about building up a comprehensive profile of the victim. Knowing who they talk to would help a lot.
Tuesday, September 12, 2006
Report from the Raw Story
Perhaps the biggest Internet fallacy is the idea that it is a new frontier where no laws apply. In practice the law treats the Internet no differently. On the rare occasions where a drafting oversight is spotted the 'Internet exception' is usually closed.
The problem is not the law itself but the enforcement and the perception of the law. Enforcement is difficult because the Internet is not confined to a narrow geography. The difficulty of enforcement combined with the unfamiliarity of the territory combine to create a false perception that existing laws do not apply to the Internet.
Pretexting of telephone carriers to obtain cell phone records is an example where the public offer of a service creates a public perception and hence a presumption that the service is legal. Since pretexting is the use of deceit to obtain confidential information it is hard to see how it could fail to meet the legal definition of fraud.
If the problem was a genuine ambiguity the answer would be to pass new laws. Since there is no actual ambiguity, merely the perception of one the introduction of new law would be counterproductive as this would reinforce the perception that the actions are currently legal.
A much better approach and one that requires no scarce legislative resources is to bring an actual prosecution in a high profile case that is certain to be widely reported.
Monday, September 11, 2006
Thursday, September 07, 2006
History repeats itself, first as farce, then as crime.
(via Froomkin) Geeks review coffee makers.
Customer reviews are becoming increasingly important. Whenever I buy something on Amazon I read the reviews, in fact I go to Amazon mostly because of the reviews.
But accepting unauthenticated inputs creates a security issue. Spoof reviews are funny but they also demonstrate the weakness in the system: the reviews are only as trustworthy as the people who provide them. The problem is made much worse by the fact that one negative comment has a much bigger effect than ten positive ones.
Undoubtedly some of the attack reviews on Amazon are posted by competitors, others appear to be posted by disgruntled employees.
Monday, September 04, 2006
The reporters concentrate on the fact that sting rays cause few deaths, I suspect that might have been the problem. People who are used to managing and controlling very big risks often underestimate small risks.
A friend who does mountain climbing told me that the typical early death was a car crash in a high performance sports car.
Friday, September 01, 2006
Eric Rescorla blogged on this before I got a chance to. He does a good job of setting out the current situation with the IETF NomCom process.
The short version is that this is a cryptographic protocol that is meant to select ten people at random from a list of eligible volunteers. The problem in this case is that 1) the list was not published as it should have been and 2) there was a person on the list who should not have been there. Due to the design of the cryptographic protocol used, this meant that the compiler of the list could have biased the selection process, and so a 'reset' of the process has been proposed. But this also creates a method of biasing the process, as it creates a precedent whereby unacceptable outcomes can be avoided by having a 'redo' until the desired outcome is achieved.
I have not seriously analyzed the IETF selection protocol before now but I have always considered it as 'too clever by half'. I come from a country where we use ballot papers and a pencil for every election and have not had a seriously contested outcome for over a century. The same cannot be said for the US where discussion of Florida's 'hanging chads' has been replaced by the question 'can we trust Diebold'.
The superficially random nature of the selection process for the nomination committee is an artful way of disguising the fact that the whole point of the process is to avoid accountability. Academics are fond of tenure, Engineers dislike deadlines. If you allow a group of engineering academics to design an institution for themselves to work in you are unlikely to find that it has strong accountability mechanisms.
Eric is correct in pointing out that the IETF is a volunteer organization. It is not however an amateur organization, or to be more precise the IETF prides itself on the importance of the work that it does and the expertise that it brings to this work. It follows therefore that volunteerism is not an acceptable excuse for amateurism.
The flaw in the IETF protocol is the same one that is faced in real world elections and in most of the academic cryptographic voting schemes. One of the systematic failures of cryptographic voting protocols has been that with rare exceptions they consider the paramount concern to be secrecy of the ballot. In practice this is a very small concern. The point of secrecy is to prevent intimidation of voters or selling of votes. This is certainly one way to rig an election but any attempt at intimidation or vote buying on a large enough scale to affect the vote is going to be noticed and the results would be self correcting.
The two real concerns in electoral systems are 1) auditability and 2) vote suppression. Vote suppression has a long history in the US. The simplest way to rig an election is to stop voters likely to vote for the other party from registering to vote or, if unable to prevent them registering, stop them getting to the right polling station or, if unable to do that, discourage them from voting by ensuring that there are not enough voting machines available.
Vote suppression is a real issue but not one that can be fixed using cryptography. The principal concern for the cryptographic protocol therefore is to ensure that the process is auditable.
The critical flaw in the IETF process is the dependence on the list of candidates. If the cryptography is going to be as robust as possible the influence of the organizers should be minimized. The current process has a critical reliance on the drawing up of the list of candidates. Publishing the list of candidates prior to the discovery of the random seed information is a critical control if the process is to be fair and auditable.
The way to fix the selection scheme is to eliminate the critical dependence on compiling the list. A simple way of doing this is to use a common random seed, a MAC function and the email address of the volunteer to create a score, with the top ten scores being the selected members. So the score for email@example.com would be MAC(seed, "email@example.com").
The advantage of this scheme is that it is still possible to generate a score even if the list is not generated and published correctly and on time. If a person is left off the list it is still possible to calculate a score for them provided they can prove that they are eligible. If a person is included in the candidate list but is found to be ineligible for any reason their inclusion does not affect the outcome and can be ignored.
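An added example (not code from the original post or from the IETF) of the per-candidate scoring described above, showing that striking an ineligible entry or scoring a person left off the list needs no redraw. HMAC-SHA256 as the MAC, the trim-and-lower-case canonical form of addresses, the seed value and the example.org volunteers are assumptions made for illustration.

```python
import hashlib
import hmac


def score(seed: bytes, email: str) -> int:
    """Score = MAC(seed, email). HMAC-SHA256 is an assumed choice of MAC.

    The address is trimmed and lower-cased (an assumption) so that every
    auditor feeds the MAC the same bytes for the same volunteer.
    """
    canonical = email.strip().lower().encode("utf-8")
    tag = hmac.new(seed, canonical, hashlib.sha256).digest()
    return int.from_bytes(tag, "big")


def select(seed: bytes, eligible, n: int = 10):
    """Return the n highest-scoring volunteers, best first.

    Each score depends only on (seed, email), never on who else is listed
    or on the order of the list.
    """
    unique = {e.strip().lower() for e in eligible}
    return sorted(unique, key=lambda e: score(seed, e), reverse=True)[:n]


def would_be_selected(seed: bytes, email: str, winners) -> bool:
    """Audit a volunteer who was left off the list.

    Assumes `winners` is a full slate: the omitted person displaces the
    lowest winner exactly when their own score beats the cutoff.
    """
    cutoff = min(score(seed, w) for w in winners)
    return score(seed, email) > cutoff


if __name__ == "__main__":
    seed = b"constructed-public-seed"  # constructed sample value
    volunteers = [f"volunteer{i:02d}@example.org" for i in range(25)]  # constructed
    winners = select(seed, volunteers)
    print("selected:", winners)

    # An entry later found ineligible is struck; everyone else keeps their rank.
    struck = winners[0]
    print("after striking", struck, ":",
          select(seed, [v for v in volunteers if v != struck]))

    # A volunteer omitted from the published list is scored on their own.
    late = "late.volunteer@example.org"  # constructed
    print(late, "selected?", would_be_selected(seed, late, winners))
```
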
The moral here is that cryptography is often a critical part of the solution to real world security requirements but it is a mistake to consider cryptography to be a panacea. Cryptographic protocols that do not take account of real world exceptions turn out to be like cast iron - strong but brittle. The art is to design protocols that are like steel, strong enough and flexible enough for real world needs.