Wrap-up of this year’s WEIS

This year’s Workshop on the Economics of Information Security (WEIS2010) enlightened us about identity, privacy, and the insecurity of the financial payment system, just to name a few presentations.

Every year I attend a conference called the Workshop on Economics of Information Security (WEIS), and every year I learn quite a bit from the experience.  This year was no exception.  The conference represents an interdisciplinary approach to Cybersecurity that includes economists, government researchers, industry, and of course computer scientists.  Run by friend and luminary Bruce Schneier, Professor Ross Anderson from Cambridge University, and this year with chairs Drs. Tyler Moore and Allan Friedman, the conference includes an eclectic mix of work on topics such as cyber-insurance (usually including papers from field leader Professor Rainer Böhme, soon of University of Münster), privacy protection, user behavior, and understanding of the underground economy.  This year’s conference had a number of interesting pieces of work.  Here are a few samples:

  • Guns, Privacy, and Crime, by Alessandro Acquisti (CMU) and Catherine Tucker (MIT), provides an insight into how posting the addresses of gun permit applicants on a Tennessee website does not really impact their security one way or another, contrary to arguments made by politicians.
  • Is the Internet for Porn? An Insight Into the Online Adult Industry – Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel provide a detailed explanation of the technology used to support the Internet porn industry, which, the paper claims, generates over $3,000 a second in revenue.
  • The password thicket: technical and market failures in human authentication on the web – Joseph Bonneau and Sören Preibusch (Cambridge) talk about just how poorly many websites manage all of those passwords we reuse.
  • A panel on the credit card payment system, together with a presentation that demonstrated that even credit cards with chips and PINs are not secure.  One of the key messages from the presentation was that open standards are critically important to security.
  • On the Security Economics of Electricity Metering – Ross Anderson and Shailendra Fuloria (Cambridge) discussed the various actors in the Smart Grid, their motivations, and some recommendations on the regulatory front.

The papers are mostly available at the web site, as are the presentations.  This stuff is important.  It informs industry as to what behaviors are both rewarding and provide for the social good, as well as where we see gaps or need of improvement in our public policies, especially where technology is well ahead of policy makers’ thinking.

FBI spots potential danger to a school – on Facebook

As opposed to my previous post, BBC reports an instance where the FBI has made use of public information to predict a possible threat to St Aelred’s Catholic Technology College in England.  The information was on Facebook, and was available probably because the defendant hadn’t protected his postings, perhaps due to FB’s confusing approach to privacy.  Imagine, however, that FB didn’t confuse anyone, and this information were protected.  Would the FBI have been prevented from warning St Aelred’s?  If they couldn’t, would Facebook?  And if Facebook didn’t, would the FBI insist on new powers?  Watch this space.

American in exile with no due process

Imagine taking a vacation to some exotic place, perhaps even going to school abroad for a few months, and then being told that you can’t go home.  The New York Times reports that such is the tragic situation of Yahya Wehelie, a young American who went to Yemen to study, at the insistence of his parents.  He found himself on the No Fly List, for reasons we don’t know, and given no reasonable way to get home to Virginia.

Here we see the juxtaposition of many principles:

  • The government responsibility to protect Americans on the ground and in the air from terrorism;
  • The individual’s freedom to travel;
  • Government responsibility to enforce trade and other policies, such as that of importation of prohibited goods; and
  • An individual’s right to freedom from unreasonable search and seizure.

Americans have the fewest rights when flying back to the United States.  You can expect to be searched, probed, and prodded.  You don’t have the right to carry a bottle of water into an airport, and you can expect substantial inconvenience, especially if you are disabled, when traveling.  You can expect your laptop to be confiscated.

The situation is changing, however.  A recent decision by a federal judge limits rummaging through laptops of American citizens.  Another decision is clearly needed: Americans deserve the right to face their accusers, to hear allegations, and to be able to respond to those charges so that they can receive justice.  The basic premise of an airport search is to address threats that are not amenable to taking the time to have such a hearing.  Several weeks should be more than plenty of time for a case to be heard by a competent judge.  Having some random person stick your name on a list is what one should expect of Nineteen Eighty-Four and Brazil, and of America.

What would you do if it were your son trying to get home?

Iran sending aid to Gaza? What else is new?

Yes, the headlines from Al Jazeera read, “Iran to send aid ships to Gaza”.  Here’s the problem: they’ve probably been sending aid to Gaza all along, but not the type of aid that actually helps people.  Their type of aid includes guns, ammunition, and perhaps not much that could even be considered “dual use”.  In fact, given what Iran is in hot water for, themselves, perhaps the “aid” might take an entirely new dimension.

It’s not that I’m in favor of blockading aid to Gaza, especially legitimate aid.  But Iran is classically overplaying its hand against the court of world opinion, while its own citizens are in great need of such aid, with oil prices having been flat for quite a while.

We can always point at one side or the other in the conflict in Gaza and assign fault.  It’s undeniably true that Hamas shot off rockets into Israel, and it is equally undeniably true that the conditions in Gaza itself are appalling.  Iran won’t resolve this matter.  Instead they are just playing to everyone’s emotions, and they’re not doing that good a job at it.

Yet more garbage out of Fox

As if to prove the point of my previous post, Fox News had this lovely story that Google’s aggregator caught about supposed increased costs due to immigration.  But once again, we have to consider the source, and in this case, the source of their story is an advocacy group called FAIR (The Federation for American Immigration Reform).  Their “researchers” are advocates.  A hint that something is wrong with this story is already present in the article, when you read that the “research” was released exclusively to Fox.  Oops!  That’s not fair research.  Real research is open to all to inspect and challenge.

People often say, “Oh the left is just as bad.”  I find no such equivalence.  A good right wing lightning rod, The New York Times, features today an exposé on a Democrat, Connecticut Attorney General Richard Blumenthal, where he claims to have served in Vietnam, but didn’t.  The Right does that same sort of investigation of the Right, right? Wrong.

And so I wonder, oh Conservative friends of mine, what value is Fox News when they lie to you?