Guns and Gun Control: The Numbers Are Beginning To Add Up

Drawing_from_holsterMany people have made the claim that they need to own guns to protect themselves, that they can’t leave it to police to protect them, the enormous assumption being that a gun actually does offer some protection.  There are a number of scholarly works to test that assertion.

  • A longitudinal study by Johns Hopkins and Berkeley published in 2015 the American Journal of Public Health shows that Connecticut’s Permit to Purchase law reduced firearm homicide by 40%.
  • A separate Johns Hopkins study showed that firearm suicide rates in Connecticut dropped 15.4% after that law was passed, while Missouri’s firearm suicide rate increased by 16.1% after they repealed gun control legislation.  There was also a lower than expected overall suicide rate in Connecticut.
  • Missouri also saw a 25% increase in homicides after their background check law was repealed.
  • An earlier CDC study published in 2004 in the Journal of American Epidemiology showed that simply having a gun in the home, regardless of how it is stored, increases the odds of death by firearm by a factor of 1.9.
  • A more recent meta-study by Harvard researchers in the Annals of Internal Medicine showed an increase risk of both suicide and homicide in homes where guns are present.  In particular, that study found that homicide victimization rates were slightly higher for those who had guns in their homes than those who did not.
  • A 2011 CMU study did show that having a gun in the home seems to deter certain planned crimes such as burglary, but has no effect for unplanned crimes.  Furthermore, it showed that only having a gun in the home does not provide the deterrence, but that this fact needs to be somehow brought to the attention of the burglar.

Summing up: studies thus far demonstrate that having a gun in the house increases the chances of someone in that house dying by firearm, it increases the risk of suicide, and it does not prevent a crime of passion, although it may deter a burglary.  More analysis is needed.  It is likely, for instance, that the type of gun matters.  A lot of studies are needed about open carry laws.  Still, if you think a gun offers you any sort of protection against others, consider the risks.

Image courtesy of aliengearholsters.com.

Court Order to Apple to Unlock San Bernardino iPhone May Unlock Hackers

A judge’s order that Apple cooperate with federal authorities in the San Bernardino bombing investigation may have serious unintended consequences. There are no easy answers. Once more, a broad dialog is required.

Scales of JusticePreviously I opined about how a dialog should occur between policy makers and the technical community over encryption.  The debate has moved on.  Now, the New York Times reports that federal magistrate judge Sheri Pym has ordered Apple to facilitate access to the iPhone of Syed Rizwan Farook, one of the San Bernardino bombers.  The Electronic Frontier Foundation is joining Apple in fight against the order.

The San Bernardino fight raises both technical and policy questions.

Can Apple retrieve data off the phone?

Apparently not.  According to the order, Apple is required to install an operating system that would allow FBI technicians to make as many password attempts as they can without the device delaying them or otherwise deleting any information.  iPhones have the capability of deleting all personal information after a certain number of authentication failures.

You may ask: why doesn’t the judge just order Apple to create an operating system that doesn’t require a password?  According to Apple,  the password used to access the device is itself a key encrypting key (KEK) that is used to gain access to decrypt the key that itself then decrypts stored information.  Thus, bypassing the password check doesn’t get you any of the data.  Thus, the FBI needs the password.

What Apple can do is install a new operating system without the permission of the owner.  There are good reasons for them to have this ability.  For one, it is possible that a previous installation failed or that the copy of the operating system stored on a phone has been corrupted in some way.  If technicians couldn’t install a new version, then the phone itself would become useless.  This actually happened to me, personally, as it happens.

The FBI can’t build such a version of the operating system on their own.  As is best practice, iPhones validate that all operating systems are properly digitally signed by Apple.  Only Apple has the keys necessary to sign imagines.

With a new version of software on the iPhone 5c, FBI technicians would be able to effect a brute force attack, trying all passwords, until they found the right one.  This won’t be effective on later model iPhones because their hardware slows down queries, as detailed in this blog.

Would such a capability amount to malware?

Kevin S. Bankston, director of New Americas Open Technology Institute has claimed that the court is asking Apple to create malware for  the FBI to use on Mr. Farook’s device.  There’s no single clean definition of malware, but a good test as to whether the O/S the FBI is asking for is in fact malware is this: if this special copy of the O/S leaked from the FBI, could “bad guys” (for some value of “bad guys”) also use the software against the “good guys” (for some value of “good guys”)?  Apple has the ability to write into the O/S a check to determine the serial number of the device.  It would not be possible for bad guys to modify that number without invalidating the signature the phone would check before loading.  Thus, by this definition, the software would not amount to malware.  But I wouldn’t call it goodware, either.

Is a back door capability desirable?

Unfortunately, here there are no easy answers, but trade-offs.  On the one hand, one must agree that the FBI’s investigation is impeded by the lack of access to Mr. Farook’s iPhone, and as other articles show, this case is neither the first, nor will it be the last, of its kind.  As a result, agents may not be able to trace leads to other possible co-conspirators.  A  Berkman Center study claims that law enforcement has sufficient access to metadata to determine those links, and there’s some reason to believe that.  When someone sends an email, email servers between the sender and recipient keep a log that a message was sent from one person to another.  A record of phone calls is kept by the phone company.  But does Apple keep a record of FaceTime calls?  Why would they if it meant a constant administrative burden, not to mention additional liability and embarrassment, when (not if) they suffer a breach?  More to the point, having access to the content on the phone provides investigators clues as to what metadata to look for, based on what applications were installed and used on the phone.

If Apple had the capability to access Mr. Farook’s iPhone, the question would then turn to how it would be overseen.  The rules about how companies  handle customer data vary from one jurisdiction to another.  In Europe, the Data Privacy Directive is quite explicit, for instance.  The rules are looser in the United States.  Many are worried that if U.S. authorities have access to data, so will other countries, such as China or Russia.  Those worries are not unfounded: a technical capability knows nothing of politics.  Businesses fear that if they accede to U.S. demands, they must also accede to others if they wish to sell products and services in those countries.  This means that there’s billions of dollars at stake.  Worse, other countries may demand more intrusive mechanisms.  As bad as that is, and it’s very bad, there is worse.

The Scary Part

If governments start ordering Apple to insert or create malware, what other technology will also come under these rules?  It is plain as day that any rules that apply to Apple iPhones would also apply to Android-based cell phones.  But what about other devices, such as  televisions?  How about  Refrigerators?  Cars?  Home security systems?  Baby monitoring devices?  Children’s Toys?  And this is where it gets really scary.  Apple has one of the most competent security organizations in the world.  They probably understand device protection better than most government clandestine agencies.  The same cannot be said for other device manufacturers.  If governments require these other manufacturers to provide back door access to them, it would be tantamount to handing the keys to all our home to criminals.

To limit this sort of damage, there needs to be a broad consensus as to what sorts of devices governments should be able to access, under what circumstances that access should happen, and how that access will be overseen to avert abuse.  This is not an easy conversation.  That’s the conversation Apple CEO Tim Cook is seeking.  I agree.

Bernie Sanders For President

Bernie Sanders will change the course of American politics. By making clear what his moral positions are, he will lead the country away from three decades of failed right wing policies, providing a clear Democratic vision.

Bernie SandersToday I’m endorsing Senator Bernie Sanders for president of the United States.

Both candidates would make infinitely better leaders than any of the Republican choices.  Both derive their positions from deep experience, both as executives and legislators.  Both believe in a strong collaborative foreign policy as opposed to Republican isolationism.  Former Secretary Clinton has amazing intellectual capacity.  The many unfair attacks against her speak more about the character of those doing the attacking.  She would make an excellent president.

However, we need someone who will not lead us from the supposed center, but who instead will effect a tectonic shift of the center, who will have no truck with those who would settle for status quo.  For over thirty years, America has been misled by Republican leaders to believe that public investment in infrastructure and government oversight is somehow wrong.  The poisoned water in Flint Michigan was no accident, but the result of neglect.  That same neglect threatens our food supply and the very air we breath.  Thirty years of neglect of our school systems have caused teachers to walk away from an honorable profession, dividing our country into two classes- those who can afford a decent education, and those who cannot.  If we want to put an end to that, someone must lead us away from the oncoming climate disaster, and from rule by religion that the Christian Right has enjoyed for too long.

Mrs. Clinton would only hold the presidency, and lead from the current center.  She seeks to build incrementally on President Obama’s policies. Mr. Sanders has an opportunity not only to capture the White House, but to establish a firm Democratic vision that will reform the party.  In so doing he would take a wrecking ball, not to our infrastructure as the Republican leaders have, but to the failed Republican practice of allowing a good Fox News sound bite full of falsehoods dictate policy.  America needs to begin to correct the damage that has been caused.  That’s where the center needs to be, and that is where I believe Mr. Sanders will take us.

Poll: Sanders or Clinton?

Who would you rather have as the next president?

Like many other Democrats I am looking at the two main candidates, Senator Bernie Sanders and Former Secretary of State Hilary Clinton, and I am very close to making a decision on who to support.  I am very interested in hearing what friends have to say about who they think wold make the better president.

Who would make the better president?

  • Senator Sanders (76%, 13 Votes)
  • Hilary Clinton (24%, 4 Votes)

Total Voters: 17

Loading ... Loading ...

The poll is closed, but feel free to leave a comment.

 

U.N. renews IGF and World Summit for the Information Society

For those who haven’t been following the party, the United Nations has had an effort for the last decade called the World Summit on the Information Society (WSIS).  This ongoing activity was up for renewal this year.  While the Internet technology provides us so much, many we face many challenges.  They include access to the technology, security, and human rights.  WSIS addresses itself to these challenges.  The UNGA decided to continue this effort for another 10 years.  As part of this renewal process, the mandate of the Internet Governance Forum (IGF) was extended for another 10 years as well.  At the same time, the UNGA is taking a conservative approach toward government involvement by not trying to supplant the enormous efforts of those who do the work today.

As a community, we could have done a lot worse.  ISOC president Kathy Brown and her team, Ambassador Daniel Sepulveda, Marian Gordon, Chip Sharp, Chris Fair, Dominique Lazanski, Avri Doria, Bill Drake, Chris Buckridge, George Sadowsky Veni Markovski, Vint Cerf, Robert Pepper, and many others who were in the room are to be congratulated for their hard work, not only in the room, but beyond.  I personally am very impressed with ISOC’s outreach effort in region, and how that has impacted these sorts of discussions.

Within the industry we need to recognize that women are the exception to the rule at the edge of the technology development cycle.  I want much better for my daughter.  Also, as we head toward over 50 billion devices being connected, the Internet of Things must be secured.  The architecture needs lots more work to do that.  Today many endpoint devices do not have well bound names, even.  At the same time, the quality of code needs to improve, which is a particular challenge in many places.  Human rights is another area on which we are only just scratching the surface.  And yes, we must continue to struggle engage all stakeholders, including governments.  The IGF itself really needs work.  It needs funding, and we need to find a way to meet the challenge set by the UNGA in terms of identifying positive outcomes.

Yes,  we all truly have a lot to do, and yet these challenges present many opportunities for innovation at many levels.  I’m excited to be working in this space now.