No gods, no kings, no billionaires
“It doesn’t really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.”
(From: A National ID Card Wouldn’t Make Us Safer, via BoingBoing)
James and Katriona have got theirs! Congratulations to them, and welcome to little Sandy!
If there was any doubt about the desirability of Movable Type’s forthcoming TypeKey authentication service for blog comments, what’s been happening to Kathryn Cramer over the last few days should provide ample justification:
“There’s been a lot of sanctimonious criticism, to which I will not link, about the inadequacy of Kos’s apology. Does anyone really think that if he had apologized and withdrawn his statement, all would be forgiven? Ask Kathryn Cramer. She went too far in her coverage of the Fallujah killings, and posted some unwarranted speculation. In response, she got vile pornography and death threats posted to her comments section. She took the errant post down and apologized profusely, and the hostile comments increased – because, apparently, taking the post down meant that she was trying to hide. She’s continuing to receive violent threats, some of them directed at her children.”
(from Respectful Of Otters, via Electrolite)
Parallels between TypeKey and the US-Visit programme are duly noted.
I’ve been using Mozilla Thunderbird as my main email client for the last couple of weeks, but the experiment is coming to an end, and I’m moving back to Outlook again. Two main reasons: spam, and unstable message filters.
I have been using SpamBayes for Outlook to filter spam for almost a year now, and it rocks. After spending a couple of months double-checking its assessments of what is spam and what isn’t, I found that it was never issuing false positives, that is, categorizing good messages (“ham”) as junk. If it encounters a message that it is unsure about, it puts it in a “Possible Spam” folder, which I check manually every couple of days. Some messages that end up here are real, and some are junk. As soon as I sort them appropriately, though, SpamBayes analyses their characteristics, and improves its odds of filing similar messages correctly in the future. Very rarely, maybe once or twice a week, an actual piece of spam will make it past SpamBayes and get into my inbox. A similar re-training process follows.
Thunderbird stacks up poorly against SpamBayes in three ways:
Next up is the message filtering. It works great most of the time, but every now and then I found that a message that had been processed by a filter (either one of my custom filters, or the built-in junk filter) would be marked as unread, and bounced into the Trash. Huh? What’s up with that?
Bearing in mind that Thunderbird is still early beta software (0.5), these issues may well go away in a later release. My overall impression of the program was very favourable, though: it’s small, fast, nicely tweakable, and cross-platform. I’ll be keeping my eye on it as it develops. (That is, if I don’t get seduced by GMail in the meantime….)
There’s only so much you can do with a baby screaming in your ear. Reading becomes difficult. Writing becomes damn near impossible. Physical coordination is impaired. There’s something in the shrill, primal wail that short-circuits your synapses and jams your neural pathways. So is it any wonder that the US military is using this noise as a new weapon in Iraq? (via Making Light)
US troops are to be armed with a stun gun that uses a baby’s high-pitched scream to bring the enemy to its knees.
The gun, which will be issued to marines in Iraq this month, fires “sonic bullets” that can be targeted like a torch beam.
Anyone hit with a full blast would suffer excruciating pain, permanent deafness and some form of cellular damage. A prolonged blast could kill.
The “Secret Scream” gun as it is called, could revolutionise the way US troops deal with snipers, suicide bombers and riots in the turmoil of post-war Iraq.
The actual sound used is a recording of a baby’s scream played backwards.
“For most people, even if they plug their ears, it will produce the equivalent of an instant migraine,” said Woody Norris, chairman of American Technology Corporation, the Californian company that has produced the weapon.
“It will knock some people to their knees.”
No shit. Prolonged exposure to babies’ crying has been known to make even men yank out their breasts in the vain hope of appeasing the boundless appetites and unplumbable desires of a howling infant.
According to the height and weight charts, our wee Fiona, ten weeks old today, is the size of a healthy five-month old. She’s not fat, she’s just huge. Most five-month olds are eating some solid food to bulk out their diet. But because Fiona is too young for solids, she gets a breastful of milk at three-hour intervals…and then is hungry again an hour later. You can imagine how happy that makes her.
I’d like to spout off about fingerprints and biometric ID cards, but I’m running into several problems. First of all, I know enough about computer security, and security in general, to realise that I don’t actually know very much at all. Secondly, getting to the point where I could talk about it knowledgeably and maybe contribute an original thought or two would take a good deal of effort, and I’m waaay too lazy for that. And finally, I have friends who do security for a living, and they’d lay the smack down on me if I decided to talk buttocks instead of doing a properly researched article.
A small note on buttocks: this has become my new favourite word after listening to last week’s edition of The Now Show on Radio 4, when Marcus Brigstocke uttered the wonderful line:
“Your argument is buttocks. It stinks, it has a large crack up the middle, and frankly, it’s beneath you.”
So I’ll point you to some articles by Bruce Schneier instead: Fingerprinting Visitors Won’t Offer Security, IDs and the illusion of security and America’s Flimsy Fortress.
I don’t think that biometric identification is a bad thing in principle, so long as it is applied in a limited, secure, and privacy-conscious fashion. If there does have to be some way of “definitively” proving that a passport, ID card, or bank card belongs to the person holding it, then fingerprints or iris scans are relatively simple and immutable. Photographs are dodgy, signatures are too easily forged, and PIN numbers and passwords are too easily forgotten if you don’t use them regularly. (Ask the IT helpdesk of any moderately large organisation.)
However, that’s all it does: prove that the holder of the card in question is who they say they are. It doesn’t say anything about what you can do with that proof, like withdraw money from an account, or enter a country. Would a US customs official allow, say, Osama Bin Laden to enter the country just because his passport confirms that it geniunely belongs to him, and no-one else? No. You can’t do anything with identity alone. It’s like having a user ID with no email account to use it on. In order for identities to be useful, they have to be linked to some information.
For bank cards, this information is a bank account. Once you’ve proved who you are, a bank can link this identity to their database of accounts, and allow you access to the right funds. Likewise, what the new US border controls are intended to do is link your identity (as proved by a fingerprint, or a biometric passport) to their database of naughty people. If you are a naughty person, they will arrest, deport, or disappear you as appropriate. (Did I say “disappear”? Surely not!).
Generally, people will agree that keeping naughty people out or their country, or arresting them so they can’t do any harm, is a good thing. And it is. The real problem is how we define “naughty,” and how we allow that definition to change over time. Right now, we might be just talking about criminals with outstanding warrants, and visa violators. Should speeding tickets or parking violations be taken into consideration? How about information about your P2P music sharing habits? The allegedly defamatory comments you once left behind on someone’s weblog? History shows that once governments are granted a new power, they are very reluctant to give it up again. From Bruce Schneier’s essay “Fingerprinting Visitors Won’t Offer Security“:
“The U.S. system of government has a basic unwritten rule: The government should be granted only limited power, and for limited purposes, because of the certainty that government power will be abused. We’ve already seen the Patriot Act powers granted to the government to combat terrorism directed against common crimes. Allowing the government to create the infrastructure to collect biometric information on everyone it can is not a power we should grant the government lightly. It’s something we would have expected in former East Germany, Iraq or the Soviet Union. In all of these countries, greater government control meant less security for citizens, and the results in the United States will be no different. It’s bad civic hygiene to build an infrastructure that can be used to facilitate a police state.”
Security, as Schneier is fond of saying, is a trade-off. How much convenience and privacy are you willing to give up in return for a given increase in security? For a measure like fingerprinting visitors and requiring biometric passports, which won’t go any great distance towards combating terrorism, the answer should be: not much. But once these measures are in place, the potential for future privacy abuses will be boundless.