Wednesday, May 30, 2007

Peace Index: US better than Iran, but worse than Yemen.

According to a Reuters story by Deborah Charles,

The United States is among the least peaceful nations in the world, ranking 96th between Yemen and Iran, according to a new index released on Wednesday that evaluates 121 nations based on their peacefulness.

According to the Global Peace Index, created by The Economist Intelligence Unit, Norway is the most peaceful nation in the world and Iraq is the least, just after Russia, Israel and Sudan.

"The objective of the Global Peace Index was to go beyond a crude measure of wars by systemically exploring the texture of peace," said Global Peace Index President Clyde McConaghy...

"Democracy didn't actually correlate with peace, but a well-functioning democracy did. Efficient, accountable government seems to be the leading determinant of peace. Beyond that, income helps."

Madagascar is 41, the United Kingdom 49, Libya 58, Cuba 59, China 60, Bosnia and Hercegovina 75, Syria 77, Serbia 84, Lebanon 114.



Friday, May 25, 2007

Engaging Privacy and Information Technology in a Digital Age

This book, now available for pre-order from the National Academies Press, is the result of a multi-year study committee on Privacy in the Information Age, sponsored by the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC), of which I was a member.

Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of business and government agencies may present new ways to compromise privacy, and e-commerce and technologies that make a wide range of personal information available to anyone with a Web browser only begin to hint at the possibilities for inappropriate or unwarranted intrusion into our personal lives. Engaging Privacy and Information Technology in a Digital Age presents a comprehensive and multidisciplinary examination of privacy in the information age. It explores such important concepts as how the threats to privacy are evolving, how privacy can be protected, and how society can balance the interests of individuals, businesses and government in ways that promote privacy reasonably and effectively. This book seeks to raise awareness of the web of connectedness among the actions one takes and the privacy policies that are enacted, and provides a variety of tools and concepts with which debates over privacy can be more fruitfully engaged. Engaging Privacy and Information Technology in a Digital Age focuses on three major components affecting notions, perceptions, and expectations of privacy: technological change, societal shifts, and circumstantial discontinuities. This book will be of special interest to anyone interested in understanding why privacy issues are often so intractable.
The full draft text is available free online, and will be replaced with the final version when it is published.

Much credit is due to the editors, Jim Waldo, Herb Lin, and Lynnette Millett, for imposing a substantial amount of coherence on disparate contributions from one of the most diverse committees I have ever served on. (I think that both the lawyers and the philosophers outnumbered the three "computerists" on the committee--it was a very broadening experience.)

I must confess that I am now much less confident that much privacy can be salvaged than I was when the study was started.



Machine translation on the Web.

I frequently see claims about how helpful the tools that translate Web pages from one language to another are, especially for those of us who are monolingual. Here's a typical claim from Google:

One of our objectives in Google is to supply the access to the the whole world information. A great obstacle for the this is the language barrier. If the ideal page of the result to a question will be written in a language that you do not understand, to follow above until now he will be very hard to start the access to this information. Today, we launch a new characteristic in Google we translate that he makes great one-step examination to direct itself to this problem...

When the translation of machine will not be perfect, is generally good sufficient you to get gist of the information in a language that you could in another way to be incapable to reach. We think that this characteristic will be particularly useful for our international users since even so the majority of users of the Internet for is there either English speakers non, a majority of the index in the Internet we are still in English.

Well, I admit that's not exactly how they put it on their English-language website. It's the result of using Google's service to translate two of their paragraphs from English to Portuguese, and then, since I don't understand Portuguese, translate the result to English. So we should probably assume that only half the errors and infelicities are due to translation in either direction. Nonetheless, it raises two important questions for me:
  • The right to make a translation is one of the rights associated with copyright. How much of a website can a commercial site translate for its own profit (remember, it's all about ads) and still claim it as fair use?
  • Some people actually rely on the accuracy of information on the Web--especially if it comes from an apparently authoritative source--and base decisions on it. Suppose an error in translating a company's website led to a commercially important miscommunication? Who would be liable? The company that published the Web page? The company that (mis)translated it? Or the user who believed the mistranslation? Similar questions arise about libel. Is this just one of those things that nobody in particular is responsible for, an "Act of God"?



Monday, May 21, 2007

US Customs breaking US privacy laws.

Washington Post article by Ellen Nakashima.

The Department of Homeland Security is breaking privacy laws by failing to tell the public all the ways it uses personal information to target passengers boarding flights entering or leaving the United States, according to a draft government report.

The Government Accountability Office, in a report to be released tomorrow, says DHS's Customs and Border Protection agency has never publicly disclosed all the sources of data such as name, credit card number and travel history that it uses to detect passengers who may pose a security risk.

This is in general accord with the world-wide position of customs authorities: You have no privacy rights whatsoever when crossing a national boundary.



Monday, May 14, 2007

Irony alert: Pirate file-sharing site hacked

COMPUTERWORLD has a story by Gregg Keizer about hackers making off with usernames and passwords from the file-sharing site Pirate Bay.



Google: A quarter of Web pages are malicious.

"It's a jungle out there!"

BBC News reports on a study by Google that out of 4.5 million pages subjected to "in-depth analysis," 450 thousand could launch "drive-by downloads" and another 700 thousand could compromise a user's computer. Google has "started an effort to identify" all the malicious pages on the Web. A tall order.

Practice safe surfing, eat right, and floss your teeth (in that order).



Thursday, May 10, 2007

Golden Gate Bridge tidbits

The San Francisco Chronicle has an interesting article by Carl Nolte on the upcoming 70th anniversary of the Golden Gate Bridge (May 27).
  • The celebration of its 50th anniversary in 1987 (its first scheduled closing to vehicular traffic in 50 years) drew so many people—more than 800,000 by some estimates—that there was a visible deflection of two of the main spans, the 4,200-foot-long main span between the towers and the span between the south tower and the San Francisco anchorage. The celebration had produced the heaviest load that the bridge had experienced to date. Planners hadn't realized that concentrated foot traffic would be significantly heavier than concentrated vehicular traffic.
  • The Report of the Chief Engineer, Volume II went on sale today in a limited edition (1,000 copies only).
    If $70 exceeds your interest in this wonderful engineering and artistic masterpiece, I can also recommend Spanning the Gate, the definitive work on the construction of the bridge, including many stunning photos. Available on the same site for $19.95, or from Amazon for $15.56. [1]
  • Charles A. Ellis, a University of Illinois professor, did much of the technical and theoretical work on which the bridge design was based. However, because of a dispute with Chief Engineer Joseph Strauss, he was fired before construction began. Until last Wednesday he got none of the public credit. His name was not even mentioned in any of the dedication plaques on the bridge.
[1] No, I don't get a commission.



California voting machines: Good news.

Debra Bowen, California Secretary of State--responsible for the conduct of elections--has just announced a top-to-bottom review of voting systems certified for use in California. Some of the top experts in the field have been recruited to lead the effort, which will cost about $1.8 million (compared to the $450 million spent or set aside to upgrade California’s voting equipment over the past several years). The review will be complete in time to ensure the use of the reviewed systems in the 2008 elections.

More states should be doing this, until the Federal government steps up and conducts comparable studies for all systems nationally.




Wednesday, May 09, 2007

Why didn't I think of that?

Mitt Romney, Presidential candidate and Governor of Massachusetts, has come out against REAL ID for citizens. He thinks we should instead have an ID card for illegal aliens.

I think this idea has real potential. There are lots of other kinds of ID it would be good to have some people carry. Fees for issuing the IDs could even be a profit center for the states. Why not Terrorist IDs? Drug Dealer IDs? Burglar IDs? Drunk Driver IDs? Income Tax Evader IDs? Philanderer IDs? Bookie IDs? Democrat IDs?
"I've got a little list, I've got a little list."
When police wanted to make a quick judgement on a suspect, they could just check his/her collection of IDs, rather than looking her/him up in the database.

Of course it would be necessary to make it a federal crime not to carry and show all your IDs.



Monday, May 07, 2007

If this weren't so painfully typical, it would be funny.

Recording of an actual customer service call, with video commentary.

I've never had to call HP support, but this is very like many calls to large-company support centers I have experienced. But with many small companies, I've gotten help so quickly and effectively it has astonished me.

Is it that small companies that provide good customer service stay small, or is there something that makes big companies think that helping their customers doesn't pay off? If customers are uniformly pissed off at the last customer "support" that they got, HP will lose about as many customers to Dell as vice versa? They see customer support as a cost center, to be minimized, rather than as a brand differentiator?

Updated to add:
Comment #5 to David Pogue's blog post points to another film that explains how customer service is actually supplied. More painful humor, though the authenticity quotient may be lower.



Why buy a star name, when you can get your own integer?

I'm sure you've received many offers from "star catalogs" to name a star just for you or one of your loved ones. Well, Ed Felten has a new service that will provide you with your very own proprietary integer.

  • There are more than 100K times as many 128-bit integers as there are estimated to be stars, so it's not quite such an exclusive club.
  • You can't publicize your integer; it's a secret key.

I've already gotten mine, generated by the VirtualLandGrab technology inspired by the AACS LA. I don't guarantee that I'll protect mine as viciously as they promise to protect theirs.



100K TSA worker records at risk

According to an article in COMPUTERWORLD by Gregg Keizer, "the federal agency responsible for securing the nation's airports said today that it can't find an external hard drive packed with the personal records of about 100,000 current and former employees."

Now doesn't that make you feel good about



Thursday, May 03, 2007

Abusive judge, $65 M lawsuit

A Washington, DC, judge is suing a dry cleaner for $65 million. The offense? A one-week delay in finding a pair of his pants, when they promised "Same day service" and "Satisfaction guaranteed."

Judge Roy L. Pearson Jr. has refused settlement offers of $12,000 plus the suit of his choice, but he is pressing on with his suit [pun intended].

A defense fund website is "under construction."



Tuesday, May 01, 2007

The gutting of cybersecurity

Congressman James R. Langevin, Chairman of the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the House Committee on Homeland Security, had some fairly trenchant words to introduce a hearing on "Addressing the Nation's Cybersecurity Challenges," April 25, 2007. I am moved to quote at length:
Last week was an eye opening experience for many of us up here. We learned that our federal systems and privately owned critical infrastructure are all extremely vulnerable to hacking. These vulnerabilities have significant and dangerous consequences. We learned that the federal government has little situational awareness of what is going on inside our systems. We cannot be sure how much information has been lost from our federal systems, and we have no idea if hackers are still inside our systems...

In the last seven years, more than 20 reports from such entities as the INFOSEC Research Council, the National Science Foundation, the National Institute of Justice, the National Security Telecommunications Advisory Committee, the National Research Council and the President's Commission on Critical Infrastructure Protection have all urged the government to do more to drive, discover and deliver new solutions to address cyber vulnerabilities.

But look at what this Administration has done to cybersecurity and the research budget at the Department of Homeland Security. Though this program was slated to receive $22.7 million dollars in FY 2007, the actual numbers I've received from S&T show that we are only funding this program at $13 million dollars. For FY 2008, the President slashed the budget again, requesting $14.8 million dollars. This is an $8 million cut from the previous year.

Just listen to some of the important programs that are being cut or reduced in FY 2007:
  • The budget for the DNSSEC program -- which adds security to the Domain Name System -- was reduced $670,000 dollars.
  • The budget for the Secure Protocols for the Routing Infrastructure was zeroed out from its original amount of $2.4 million dollars.
  • The budget for the Next Generation Cyber Security Technologies program, which addresses a variety of topic areas aimed at preventing, protecting against, detecting, responding to, and recovering from large-scale, high-impact cyber attacks was reduced $1.625 million dollars.
Now I don't know who is responsible for these cuts -- Under Secretary Cohen, or Secretary Chertoff, or the White House -- but reducing this funding is a serious strategic error by this Administration.

Just to understand how little we're spending for the sake of comparison, the FBI estimated in 2004 that cybercrime cost companies worldwide around $400 billion dollars. In 2005, the agency estimated that U.S. businesses lost $67 billion dollars. Of course, neither of these figures can measure the loss of federal information off of our networks, which may one day cost us our technological advantage over other nations. And those figures also don't count the potential environmental losses if a successful attack on our control systems is carried out.

I am deeply troubled by the lack of foresight that this Administration has demonstrated. These efforts are simply too important to be cut...

The tools that will improve or revolutionize our security will not just appear overnight. Investment today plants seeds for the future, but it is incumbent upon the Federal government to take the leadership role in this effort.

Edited 5/2/07 to add: Doug Maughan's testimony summarizes where DHS stands; its Appendix provides links to the "20 studies."

Daniel Geer's testimony is pertinent, pithy, easy to read, and mostly on-target.



Stunning research.

A paper by Robert Meyer and Michel Cukier, "Assessing the Attack Threat due to IRC Channels," in Proc. International Conference on Dependable Systems and Networks (DSN06), is thought-provoking, and to me, stunning. Their Experiment 2 studied the impact of (perceived) user gender on the attack threat.

They connected silent bots to various chat rooms, differing only in whether their screen name was feminine (Cathy, Elyse, Irene, Melissa, Stephanie), masculine (Andy, Brad, Dan, Gregg, Kevin), or ambiguous (Nightwolf, Orgoth, Redwings, Stargazer), and recorded the malicious messages each received.
The female bots received on average 100 malicious private messages a day, exceeding by far the totals of any of the other bots, with the other attack types being roughly equal. It is interesting to note that the bots with ambiguous names received significantly more malicious private messages (on average 25) than the male bots (on average 3.7), but less than the average between the male and female bots (which is around 52). This experiment shows that the user gender has a significant impact on one component of the attack threat (i.e., the number of malicious private messages received for which the female bots received more than 25 times more private messages than the male bots and 4 more times than the bots with an ambiguous name).
If this hostility is anywhere near the typical Internet experience, is it any wonder that computing and IT are increasingly losing the women?
