When is a Fine Excessive?

CNN has an interesting story about a Christian organization that is seeking to avoid fines for not providing coverage for the “Day After” pill or (I think) RU-486. Let us not argue about birth control or abortion. My issue here is the amount of the fine, which is $100 per day per employee for whom the employer refuses coverage. Why isn’t that fine excessive? To begin with, let’s look at the cost of such services. The cost of the drugs are relatively low. According the Planned Parenthood, the cost for the pharmaceuticals are between $10 and $70. For an insurance company this is really a non-issue, and that leaves the moral issue, because it’s not an ongoing expense. In fact, it may even be lower than some people’s co-payments or deductibles. Now we need to add this to an insurance risk pool cost, and the price for insurance probably drops to well less that $0.10 per year . After all, how often does anyone need such services? Maybe once in their lives? Maybe never.

If we break this down, then, to compensatory versus punitive damages, let’s postulate an government program that allows doctors and pharmacies to be reimbursed for the cost of the procedure. Let’s call the program, oh…. Medicaid. Let’s say that costs, from a risk perspective, $1.00 per year. The Supreme Court has already said that punitive damages in civil cases should not exceed a factor of 10. Why then, should the fine for this behavior not by $10 per employee per year instead of $100 per employee per day?

In fact, why not let employers opt out on conscience grounds and let them pay a slightly higher premium of $2.00 per employee? In this sense, the government would stand to profit from an employer who REALLY has qualms. Of course, one would also have to ask why that company would feel so comfortable paying the government twice what it would pay the insurance company, when at the end of the day the same service would be performed?

Put simply: what is the societal interest in penalizing a company 100,000 times the cost of a service in this case? Is this such an egregious omission? Are employees unsafe? Would the service otherwise be unavailable? What is the issue?

Smart Watches and wristbands: who is watching the watches?

Over the last few weeks a number of stories have appeared about new “wearable” technology that has the means to track you and your children. NBC News has a comparison of several “Smart Watches” that are either on the market or could soon be. Think Dick Tracy. Some have phones built in, while others can send and receive email. These things don’t replace smartphones or other PDAs in general because their screen size is so small. They’re likely not to have much of an Internet browser for that reason, and they may only support a few simultaneous applications on board.

Still, smart watches may find their own nitch. For instance, a smart watch can carry an RFID that that could be used to control access to garage doors, or perhaps even your front door. A smart watch might be ideal for certain types medical monitoring, because of its size. In all likelihood these devices would have limited storage, and would take advantage of various cloud services. It’s this point that concerns me.

Any time data about you is stored somewhere, you have to know what others are using it for, and what damage can be done if that data falls into the wrong hands. And so, now let’s consider some of the examples we discussed above in that light:

Voice communications: as one large vendor recently discovered, anything that can be used as a phone can be used as a bug, to listen into conversations. Having access to a large aggregations of smart watches through the cloud would provide an entire market for attackers, especially if the information is linked to specific individuals.
Medical monitoring: similarly, if you are using a smart watch or any other device for medical monitoring, consider who else might want to act on that information. Insurance companies and employers immediately leap to mind, but then perhaps so do pharmaceutical companies who might want to market their wares directly to you.
RFID and location-based services. There have already been instances of people being tracked electronically and murdered. Children wearing this or a similar device could be kidnapped if the cloud-based services associated with the device is broken into.

This is what concerns me about Disney’s Diney World MagicBand. Disney makes a strong case that having such a band can actually improve service. But should their information systems be broken into by a hacker, how much might a deranged estranged parent pay that criminal to find out where the child is?

It is the linkage of various attributes that must be considered. Add location to a name and all of a sudden, a hacked cloud-based service can really do someone damage. We give away a lot of this information already with many smartphone applications and other devices we carry. Before we give away more, perhaps we should stop and think about our privacy in broader terms and what is necessary to protect it. In Europe, the Data Privacy Directive covers a lot of this ground. But America and other countries are far behind that level of protection. Further, every new service on a smart device is going to want to monetize every last bit of data they can get.

Access to WCIT available to ALL

As I wrote earlier, WCIT is now taking place in Dubai. This conference could impact your ability to use the Internet, either by stifling growth due to encoded business models, or by mandating specific standards, rather than allowing creativity to flow. We have the opportunity to listen to parts of this conference, specifically plenary and whole committee meetings. After a tremendous amount of pressure, the participants of that conference have allowed open access to the streaming. You can access the streams at the ITU web site. To be sure, it’s a fairly technical conference. If you listen in and have questions, you can join an XMPP chatroom. If I’m around I will answer your questions. You can also post them here, although in either case I may not have the answer.

Are bad iPhone maps a security problem?

A while ago I talked about business models and how they impact security. The key thing then was that Apple had a direct path to the consumer, which drove update rates of iOS very quickly, in comparison to Android. Implicit in all of that was that consumers would find a reason to upgrade to the latest software.

Now we see a new version 6 of iOS that has what can only be described as a miserable replacement for Google Maps, as well as a number of reported problems with WiFi connectivity. All of a sudden, the tables are turned. Are the 200 new features found in iOS worth risking one’s ability to use WiFi or have accurate mapping information? Note that the question makes no reference to security. That’s because consumers don’t care about that.

So, here’s the thing to watch, and Google will be watching very closely: what is the adoption rate of iOS version 5 as compared to its predecessor? The converted have already moved over. Now it’s time for the rest of us. Will we or won’t we? I already have decided to wait for a “.0.1” version of iOS 6, as my iPhone works fine as is, and none of the new features really seem so interesting, such that I want to risk breaking WiFi or my maps. Note again, I’m not even mentioning security.

U.S. Currency War with China?

This short piece is on News Hour introduces us to the politics of currency manipulation. A government who keeps its currency artificially low is in essence dumping their goods and services on every other country, thereby taking jobs from those countries. The hard part is determining when prices are really artificially low. While it is in the end a political opinion, we have some hints as to when the price of a currency is really lower than it should be. One of those is when per-capita income is higher than another country’s and yet there is still a net export of goods and services. According to the International Monetary Fund, for 2010, the U.S. had the 7th highest per capita income of $46,860, while China came in a distant 94th with $7,544 per person. China’s trade surplus for that same year was $190 billion. Were we to attribute all of that to the United States, that would add about $680 to the U.S. per capita income.

On the other hand, Perhaps, on the other hand, the U.S. currency is too high. After all, the U.S. trade deficit for 2010 was $498 billion. But then what do we do about it? To lower the value of the dollar you simply print more. Of course that risks inflation. And if you do print more, why shouldn’t another country respond by printing more of its own currency?

It’s a messy business, and given the amount of money to be made or lost in speculating on currency, the U.S. Senate should be very careful about the sort of laws they pass, particularly ones that in some way ties the Treasury Department’s arms in dealing with currency crises. Thar be dragons here.