Hello Insecurity, Goodbye Privacy. Thank you, President Obama

Some people say that Internet Security is an oxymoron, because we hear so much about the different ways in which hackers and criminals break into our data, steal our identities, and even use information to commit “real world” crimes like burglary, when it becomes clear that someone’s gone on vacation.  Well now the Obama Administration along with the FBI and NSA are proposing to make things worse, according to an article in today’s New York Times.

According to the Times, the government is going to propose requiring that developers give up on one of the key principles of securing information: the use of end-to-end encryption.  The argument is that law enforcement does not have the visibility into information it once had, say, in the Nixon era, when the NSA acted as a vacuum cleaner and had access to anything.

As our friend Professor Steve Bellovin points out, weakening the security of the Internet for law enforcement also weakens it to the benefit of criminals.  Not a month ago, for instance, David Barksdale was fired from Google for violating the privacy of teenagers.  He could do that because communications between them were not encrypted end-to-end.  (Yes, Google did the right thing by firing the slime).

This isn’t the first time that the government has wanted the keys to all the castles, since the invention of public key cryptography.  Some of us remember the Clipper chip and a government-mandated key escrow system that the Clinton Administration wanted to mandate in the name of law enforcement.  A wise friend of mine said, and this applies equally now, “No matter how many people stand between me and the escrow, there exists a value of money for me to buy them off.”  The same would be true here, only it would be worse, because in this case, the government seems not to be proposing a uniform technical mechanism.

What’s worse: this mandate will impact only law-abiding citizens and not criminals, as the criminals will encrypt data anyway on top of whatever service they use.

What you can do: call your congressman now, and find out where she or he stands.  If they’re in favor of such intrusive policy, vote them out.

Wrap-up of this year’s WEIS

This year’s Workshop on the Economics of Information Security (WEIS2010) enlightened us about identity, privacy, and the insecurity of the financial payment system, just to name a few presentations.

Every year I attend a conference called the Workshop on Economics of Information Security (WEIS), and every year I learn quite a bit from the experience.  This year was no exception.  The conference represents an interdisciplinary approach to Cybersecurity that includes economists, government researchers, industry, and of course computer scientists.  Run by friend and luminary Bruce Schneier, Professor Ross Anderson from Cambridge University, and this year with chairs Drs. Tyler Moore and Allan Friedman, the conference includes an eclectic mix of work on topics such as cyber-insurance (usually including papers from field leader Professor Rainer Böhme, soon of University of Münster), privacy protection, user behavior, and understanding of the underground economy.  This year’s conference had a number of interesting pieces of work.  Here are a few samples:

  • Guns, Privacy, and Crime, by Alessandro Acquisti (CMU) and Catherine Tucker (MIT), provides an insight into how posting the addresses of gun permit applicants on a Tennessee website does not really impact their security one way or another, contrary to arguments made by politicians.
  • Is the Internet for Porn? An Insight Into the Online Adult Industry – Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel provide a detailed explanation of the technology used to support the Internet porn industry, which the paper claims brings in over $3,000 a second in revenue.
  • The password thicket: technical and market failures in human authentication on the web – Joseph Bonneau and Sören Preibusch (Cambridge) talk about just how poorly many websites manage all of those passwords we reuse.
  • A panel on the credit card payment system, together with a presentation that demonstrated that even credit cards with chips and PINs are not secure.  One of the key messages from the presentation was that open standards are critically important to security.
  • On the Security Economics of Electricity Metering – Ross Anderson and Shailendra Fuloria (Cambridge) discussed the various actors in the Smart Grid, their motivations, and some recommendations on the regulatory front.

The papers are mostly available at the web site, as are the presentations.  This stuff is important.  It informs industry as to what behaviors are both rewarding and provide for the social good, as well as where we see gaps or need of improvement in our public policies, especially where technology is well ahead of policy makers’ thinking.

More lies from the lying liars who tell them

Some time ago, now Senator Al Franken wrote a book called Lies and the Lying Liars Who Tell Them.  I read the book, and found it to be a lousy read: petty, spiteful, and true.  You may not agree with his politics or his style, but the one thing you can say about Senator Franken is that he has always valued the truth.  On the other hand, I don’t know why anyone actually believes Fox News at all.  Because they and their chief liar Bill O’Reilly are at it again!  This time, it’s a railroad job against Senator Coburn, who had the audacity to call my Congresswoman, Nancy Pelosi, a nice lady, and who said, when talking about the insane notion of putting people in prison for buying insurance, that “The intention is not to put anybody in jail. That makes for good TV news on FOX but that isn’t the intention.”

Bill O’Reilly can’t have that, so he claimed, “We researched on Fox News if anybody had ever said you’re going to jail if you don’t buy health insurance. Nobody’s ever said it.”  Guess what?  The New York Times did some investigating and found at least six instances where someone on Fox News did say it.

When a reporter at the New York Times was caught some months ago for plagiarizing, he was forced to resign and the entire newspaper was shamed.  Not so for Fox when they just make stuff up, as apparently they have no shame!  And so I think they deserve a new name: The Republican Liars Network (RCN).  Not all Republicans are liars, and not all liars are Republicans, but those who choose to believe what they know to be lies aren’t much better than the liars themselves, especially when they act on that information in the voting booth.

All I can ask is please, Senator Franken, don’t update your book.  There’s just too much material.

This Post Brought To You By…

Today it was broadly reported that bloggers must inform consumers when they receive contributions for promotions they make on their blogs. But one wonders where it stops. Shouldn’t one’s day job have as much, if not more, material impact on what one says and doesn’t say? What about one’s stock portfolio?

For the record, this site makes me $0.  I work for Cisco Systems.  I won’t reveal my stock portfolio, but will tell you that I constrain my postings on this site to at least not completely inflame my superiors on business-related matters.  That means that if you’re looking for someone who is critical of MPLS and many Internet Service Providers, while I am, I’m probably not going to rant here about it.  Some of those people are customers, and they might reasonably ask what I am doing to make things better.

I will say this about my stock portfolio.  It hasn’t stopped me from talking negatively about some of the companies whose shares I have owned, believe it or not.

Guess Who Thinks He’s Running for President

It’s January 25th, and President Obama has been in office for only a few days, and it seems as though there is jockeying for the Republican nomination for 2012.  Here is how it works: take one of President Obama’s or Congress’ new and somewhat popular initiatives, and bet against it – heavily – by criticizing it in every which way you can and being an obstacle.  You know you’ll eventually lose the battle and that the initiative will go through, but then if it doesn’t work, you can claim “I told you so.”  Double down if the initiative is the economic stimulus package, because even if it does work, you can claim that the economy would have recovered in spite of it, and now the deficit is larger.

This is precisely the tack currently being taken by Senator John Cornyn of Texas.  And he’s gone further by challenging the appointments of Hillary Clinton to Secretary of State, and Eric Holder to Attorney General.

There are risks with this strategy.  First of all, if they are simply mowed over, and the policies are effective, the Democrats will enjoy popularity for a recovering economy.  If the obstruction works, and the economy doesn’t improve, then the Democrats can wield that failure against the Republicans – again – in 2010.

But I have a simple suggestion for the Democrats regarding the economy: allow those congressmen and senators who oppose the stimulus to refuse it on behalf of their states and their districts, and let the voters judge them.