== Another summons to resigned despair ==
Conspiracy theories abound. They erupt out of human nature, it seems, and your ethnicity or caste or political leanings only affect which direction you credit with devilish cleverness, secret power and satanic values. For sure, as a science fiction author I can concoct plausible schemes and plots with the best of them! Indeed, let me add that some real life cabals are so blatant and proudly obvious that you just have to admit – sometimes “they” are completely real and up to awful mischief.
(Anyone who does not trace the ownership of Fox News, for example, and draw obvious conclusions, must already have succumbed to that particular mind control plot.)
And yet, I have a completely different take on this kind of paranoia. It helps to step back and realize that almost certainly the vast majority of wild-eyed conspiracy theories out there are hogwash.
Moreover, underlying it all is the fact that most are all about flattery! Each one caters to the believer’s inflated sense of importance:
Moreover, underlying it all is the fact that most are all about flattery! Each one caters to the believer’s inflated sense of importance:
“Me and my pals are in the know, and the rest of you are sheep!”
Never once have I seen any conspiracy fetishist stop and admit the obvious, that every Hollywood film preaches not just suspicion of authority (SoA), but also the bovine nature of our neighbors. (Neighbors who assume they are the knowing ones, while you are the braying, easily-fooled ungulate.)
But okay, let’s put aside the fact that cabal-believers suckled their SoA milk from the most relentless propaganda campaign in human history. That irony is too rich for them (or even most of you) to fully contemplate. Nevertheless, is it possible that some of the “black helicopter” type scenarios contain a grain of truth?
More than a grain, I’ll avow. Oh, not “government camps” and martial law or any of that crap. If you ever met an actual civil servant, in one of those cryptic agencies, you’d know how hard such things would be to keep secret. Edward Snowden blew the whistle on… what was at the time marginally legal meta-data mining, with not a single citizen being even slightly (physically or financially) inconvenienced. There’d be 10,000 Snowdens if any of the Blofeld-style scenarios about real heinous stuff had even a glimmer of truth.
(That is my own take on Snowden, that he served as a canary demonstrating the threshold of “heinousness” at which civil servants can be expected to step-up. And we can take some solace that the threshold is way, way, way lower than “black helicopters.”)
But no… the grain of truth has to do with surveillance. Watching us. Collating data from our phones and online searches and fitbits and phone calls. The stuff that Snowden and his fellow “T Cells” are complaining about, and that serve as grist for this leap by Walter Kirn into gonzo paranoid-journalism in the Atlantic, entitled: “If You’re Not Paranoid, You’re Crazy.”
Mr. Kirn begins with a very leading question:
“As government agencies and tech companies develop more and more intrusive means of watching and influencing people, how can we live free lives?”
Tabulating a series of worst-case scenarios and semi-warranted extrapolations, he weaves a pretty darn entertaining-scary tapestry of “we might as well give up now, because Big Brother is already here.” (My (accurate) paraphrasing.)
“As government agencies and tech companies develop more and more intrusive means of watching and influencing people, how can we live free lives?”
Tabulating a series of worst-case scenarios and semi-warranted extrapolations, he weaves a pretty darn entertaining-scary tapestry of “we might as well give up now, because Big Brother is already here.” (My (accurate) paraphrasing.)
Oh-kaaay. But then, Mr. Kirn, even if you are right in every respect, what’s your prescription, sir? And why do you never once even try to answer the question posed in the title of your screed?
Of course there’s no solution offered. As we saw above, jeremiads are easy. Cynical, snarled rants flow, by pure momentum, no different than the ones you wrote as a college sophomore.
Of course there’s no solution offered. As we saw above, jeremiads are easy. Cynical, snarled rants flow, by pure momentum, no different than the ones you wrote as a college sophomore.
Oh, don’t get me wrong. We need shouted warnings that we are about to lose our freedom to tech empowered hierarchs – whether the elites in question are new-lord aristocrats, faceless corporations or faceless government bureaucracies. The real reason that our myths nearly all preach Suspicion of Authority is because the danger is very real!
We are revolutionaries. And outside of the last couple of centuries in the west, no other experiment in freedom or in flattened social orders ever lasted more than a generation. I utterly share a deep, grinding worry that some privileged few will regain the kind of obligate power over our lives that kings and priests exerted, nearly everywhere for 6000 years.
Only, I'm not satisfied to smugly point and shout denunciations. As said in part 1 (above), I want to look at how we got the (imperfect/threatened) window of relative freedom we currently have. Only by understanding this will we be able to prescribe solutions and pass the imperfect gift on to future generations.
Only, I'm not satisfied to smugly point and shout denunciations. As said in part 1 (above), I want to look at how we got the (imperfect/threatened) window of relative freedom we currently have. Only by understanding this will we be able to prescribe solutions and pass the imperfect gift on to future generations.
And this Atlantic article only makes me sigh. Mr. Kirn, like almost every other privacy pundit, is so ensorceled by dudgeon that he cannot – even briefly – glance at what has worked so far. Nor at the possibility that these new technologies might empower us and our will-to-freedom…
...as they have already done, recently, in the Black Lives Matter Movement. A perfect case of technology making more of a difference than anyone wants to admit. Making the difference, in fact. And that difference was technology empowering the People, and not the Man.
By dismissing that - even as a passing thought - Mr. Kirn and other Jeremiahs show that their interest does not lie in solutions, or even revolution. It revolves around the number two lesson suckled from Hollywood flicks – right after suspicion of authority. That all my neighbors are sheep.
...as they have already done, recently, in the Black Lives Matter Movement. A perfect case of technology making more of a difference than anyone wants to admit. Making the difference, in fact. And that difference was technology empowering the People, and not the Man.
By dismissing that - even as a passing thought - Mr. Kirn and other Jeremiahs show that their interest does not lie in solutions, or even revolution. It revolves around the number two lesson suckled from Hollywood flicks – right after suspicion of authority. That all my neighbors are sheep.
== From the battlefront for freedom, transparency and privacy ==
Which is a pity, because the Big Brother trends are, in fact, very real! For example, Singapore has established Social Credit Scoring and China plans to follow suit. From a western perspective it seems spectacularly chilling, that civil servants at a monolithic government agency should track every aspect of your life and tabulate in a single number how fine a person you are being? How much “credit” you have to be trusted with things like passports and visas and even childbearing?
It is the ultimate manifestation of top down methods of governance. Whether implemented in order to smoothly deliver services in an all-swaddling nanny state or else to create the ultimate Orwellian enforcement machine, most of us over here, across the political “spectrum” would deem the whole approach to be utterly loathsome and doomed to devolve into stifling tyranny.
And yet, the author of this piece suggests that even the US cannot help but evolve, at least somewhat, in this direction. Elements of this judgment-and-reward system already exist in the U.S. private-sector credit scoring infrastructure, in our college scores, and in the United States TSA’s airline passenger “whitelist” system. Indeed, many futurists (including yours truly) have talked about Reputation systems replacing currency.
The visceral reaction is basically correct. Take an interesting experiment in militant transparency: The Open Source Party is a political movement that derives both inspiration and methods from Open Source software principles. The crux: political processes are seen as a body of code. That code, and any changes to the code, must be visible and understandable and modifiable by a free and agile user-citizen population. And I am there… in principle. Let’s discuss the principle… while pushing ahead with the practical.
== Biometrics… Schmetrics… ==
The sad thing is how many of our brave and righteous paladins of Freedom - for example at ACLU and EFF are right and righteous in their overall dedication to prevent Big Brother, yet wind up recommending the same wrongheaded prescription that cannot possibly work:
"Everybody hide!"
Over the years, I've given an insane number of examples. Here's another: in September, the Office of Personnel Management admitted that the number of federal employees’ fingerprints compromised in the massive breach of its servers revealed over the summer has grown from 1.1 million to 5.6 million. OPM adds that it’s mailing letters to all affected victims, and notes that it’s also offering them free credit monitoring. And it goes much farther.
"Everybody hide!"
Over the years, I've given an insane number of examples. Here's another: in September, the Office of Personnel Management admitted that the number of federal employees’ fingerprints compromised in the massive breach of its servers revealed over the summer has grown from 1.1 million to 5.6 million. OPM adds that it’s mailing letters to all affected victims, and notes that it’s also offering them free credit monitoring. And it goes much farther.
In The Transparent Society I talk about the difference between a unique identifier and a verifier. Your Social Security number is an example of the former. It correlates with a unique person and say, "this conversation or transaction is about this particular John Smith and no other." It does not prove that the person using the SSN actually IS that John Smith!
A password is the very opposite of an identifier. It can be changed! It can be replaced with a more secure one! Fingerprints are like SSNs. They establish who is being discussed. It used to be, when only the FBI had a database of them and they were hard to copy, a fingerprint might be used also as a verifier. That is no longer true.
In future, almost any single biometric that is unique to you might be sniffed or snooped or recorded. So we will adapt. You'll visit your local bank branch monthly or weekly and there the whole suite of biometrics will confirm who you are and you and your banker will then clean up and establish that month's (or week's) passcodes. Again we will adapt! I didn't claim it would be easy or problem-free.
But we must start by looking at fundamentals. And understanding the difference between an identifier and a verifier. One of dozens of things explained carefully in The Transparent Society.
We should hold in suspicion any and all proclamations of pure and enraged principle, unless those stances can also point to:
1. correlation with positive real-world outcomes over long time spans, and
2. an inherent ability to keep re-evaluating, adjusting and backing out of errors.
Purist declarations have been used so often to justify self-serving oppression of others and/or cheating or simple insanity, that we must deem this kind of rationalization to be one of humanity's greatest sicknesses.
That is not to say that all declarations of principle are wrong! But let's take one example -- Freedom of Speech. A core principle that most of us deem quasi-sacred, without ever pausing to ponder how the vast majority of our ancestors would have called it crazy.
FoS seems "good" to us. But that appearance is backed-up by a solid correlation with our civilization's spectacularly better rates of innovation, wealth-generation, problem-solving and fun, all of which are direct outcomes of FoS. Which must be defended with zeal AS IF it were holy, though the deepest reasons are pragmatic.
FoS seems "good" to us. But that appearance is backed-up by a solid correlation with our civilization's spectacularly better rates of innovation, wealth-generation, problem-solving and fun, all of which are direct outcomes of FoS. Which must be defended with zeal AS IF it were holy, though the deepest reasons are pragmatic.
Especially the end to 6000 years of societies wasting most of their available human talent.
Likewise, Freedom of Speech is the best way to detect errors and flaws, even in our own principles -- even in our most-sacred principles, like Freedom of Speech! Allowing us to make guarded, minimal but practical compromises that make sense to each generation. But above all, allowing later generations to fluidly argue, re-assess and back out of mistakes. That ability to keep up a diversity of viewpoints that are not repressed by either hierarchy or conformity is a palpable and inarguable strength that FoS fosters.
Am I saying we should never passionately propound principles? Not so! FoS must be shouted zealously, even religiously, or we'll not have the fervor it will take, to overcome the world's cheaters and would be oppressors (including those on our "side.") But over the long run, there must be a grounding in objective reality, or all our subjective screaming will not suffice to make a false "principle" true.
== And finally ==
A fascinating article on Cold War intelligence shows how a KGB official was able to glean patterns from the simplest details in order to uncover CIA operatives, so effectively that the CIA went crazy for years, searching for nonexistent moles. This sort of thing, by the way, is why I roll my eyes over “crypto” fans who declare that encryption of online data is all they need in order to be free forever from meddling by the oppressive State.
I have yet to meet one cypherpunk who has ever studied the 4000 year history of cat and mouse games by spies and resistance cells and secret police, dating back to Hammurabi. Of the dozen or so general types of methods used by czarist and Nazi and Communist and imperial and modern agencies to pierce underground movements, crypto can only – even theoretically – inconvenience maybe three.
Such blithe, willfully trusting fantasy and ignorance would be charming, except that these techno-romantics style themselves as our best defense against Big Brother. Fortunately… there are others.
I have yet to meet one cypherpunk who has ever studied the 4000 year history of cat and mouse games by spies and resistance cells and secret police, dating back to Hammurabi. Of the dozen or so general types of methods used by czarist and Nazi and Communist and imperial and modern agencies to pierce underground movements, crypto can only – even theoretically – inconvenience maybe three.
Such blithe, willfully trusting fantasy and ignorance would be charming, except that these techno-romantics style themselves as our best defense against Big Brother. Fortunately… there are others.
Heh. Gotta love it. Agency officers could go out to dinner with others. FSO's had to follow the rules discouraging entanglements. That's one way to spot the difference between contractors like me and the civil service I support. Socialization can look like corruption, so rules set us apart. 8)
ReplyDeleteI'm not sure flattery is the right term. Believers are flattering themselves? Hmm. Seems to me that Believers console themselves by Knowing A Truth in a mysterious world. Must be nice to Know A Truth...
The ravings about govt "corruption" seem ironic when you must jump through dozens of bureaucratic hoops to get govt travel reimbursement for simple expenses a company would simply shrug and pay. Original receipts -not images - and boarding passes! Vastly more onerous accountability... as there should be because govt has force and has money we provided under (mild) duress. Still, the bad-mouthers of govt only take this fact and turn it into a BAD thing because now govt is "inefficient" and obsessed with niggling accounting!
ReplyDeleteYeesh.
It seems your argument applies equally to those who insist that the 2nd Amendment is intended to allow citizens to overthrow government forcibly because "they" are plotting to take away our rights and freedoms.
ReplyDeleteLee D please see http://www.tinyurl.com/jrifle ... there is -- extremum -- something to be said for the "insurrectionary recourse." Barely. But we should see if it is possible to protect the value of that recourse... while insisting we also get more sane.
ReplyDeleteBut okay, let’s put aside the fact that cabal-believers suckled their SoA milk from the most relentless propaganda campaign in human history.
ReplyDeleteAnd yet, will that propaganda be propagated? As US filmmakers, eager for the larger audience, voluntarily change their productions to make it past Chinese censors? Though I suppose they are more willing to accept suspicion of US authority. I'm told House of Cards was quite popular in China.
http://www.ibtimes.com/hollywood-studios-are-self-censoring-movies-appease-communist-censors-china-says-us-2163232
By the way, I did read a book recently I thought Dr Brin might like. Flex, by Ferret Steinmetz. This is Urban Fantasy, so not your usual fare, but in this world Magic happens because people become obsessed fanatics for something they love, and that obsession bends the universe. So someone who obsesses over Origami does Origami magic. I thought Dr. Brin might like it because the main character does Bureaucracy magic, and his love mainfests in the forms and the order that bind civilization together, that let even the weak hold the mighty accountable. As he fights someone with loves-primitive-living-on-the-savanah magic, there's lots of paeans to civilization. And the sequel is just as good.
Thanks for the inspiration, David.
ReplyDeletehttps://en.wikipedia.org/wiki/Espionage#Early_history
Many cool threads to research further.
I was tempted, Alfred, to insist that "barbarians" only meant "bearded ones." But I won't.
ReplyDeletePiers Anthony suggested that at one time only accomplished swordsmen shaved, as a way to impress the enemy of their skill with their blade (and how sharp it was!)
I love how Dr. Brin included /fun/ as one of those metrics of success. Fun is serious stuff for hominids. Without it stress levels rise, glucocorticoid hormones weaken the immune system and we have all sorts of huge health problems, many of which are created by our 'manly' hyper-competitive cultures.
ReplyDeleteAnd on the subject of fun, I was surprised how few people commented on the hint he dropped about an up-and-coming book. Loci's rants do distract, don't they? Might we be in for more cetacea ad astra in the near future?
Well this is pretty disappointing. I see the topic and figure I can find multiple reasons to argue with Dr. Brin. But, Ave! and alas, he speaks sense that would be hard for any segment of the political spectrum to really dispute.
ReplyDeleteI figure the comments section will be truncated and bland unless somebody brings up the carbon footprint of NSA server farms and how they make polar bears cry. (tongue in cheek btw, hope I can get away with it here...)
Tacitus
Oh look, the Japanese venus mission has been salvaged.
ReplyDelete>>“crypto” fans who declare that encryption of online data is all they need in order to be free forever from meddling by the oppressive State.
ReplyDeleteI agree with the sentiment. In my analyst days, I would encounter encrypted files from time to time. Rarely, if ever was crypto properly implemented, and instances of leaking information in unencrypted channels approached 100%. Crossover use of user names, weak passwords, social network analysis, geolocation, third party info disclosures (the biggest, most reliable source IMO) , and unpatched software made crypto largely a non-issue. And that's just the publicly discoverable stuff. You wouldn't believe what foreign military and government members will include in social media selfies.
What folks really need to be free of a potentially oppressive state are social norms and structures resilient enough to accept pushback from the bottom. Which Dr. Brin argues rather persuasively are already in place, simply requiring some updates for the 21st century.
As an aside, I think a very effective bulwark against abuse at the NSA was the norm that considered breaking the rules a matter of bad taste. While technological restrictions tended to be onerous and hamfisted, the perception that a good analyst Did Not Do Things That Way was widespread and repeated to me frequently. Unfortunately its a lot easier to make an engineering change than fix a professional culture.
ReplyDeleteThe SoA (Suspicion of Authority) & Sheeple Memes are (of course) gross over-simplifications designed to mask the more sinister implications of human interdependency, relationships & egalitarianism from ourselves & others so that we may function collectively, for it is not authority that we have to fear but ourselves.
As touched on by Tu'an in 'Dominance & Submission: The making of pets', human beings are more analogous to predatory vermin than harmless sheeple because (1) human relationships are fluid, non-fixed & subject to frequent reversal and (2) human beings are involved in a constant struggle for even minor social advantage.
In this sense, the 'Sheeple' concept is a rather predatory ideal, derived from our desire to become akin to a (godlike; predatory; unchallenged) shepherd who presides over the most tasty, defenseless & submissive of sheep, even though (indisputably) this is also the basis of our so-called civil society.
Collectivism exists then, not because of altruism, humanism & our inherent goodness, but only because we can derive 'advantage' from each other, regardless or (even) despite any perception of mutuality.
This is a hard lesson to learn, but one taught incessantly by observation, experience, history & folklore, to those who are willing or unlucky enough to learn, and we count the most responsible members of society among our number and (mostly) we choose to persevere despite the constant predation visited upon us by a horde of users, rodents & reptiles.
We all succumb, eventually, one way or another: It is inevitable.
Collecting metadata, scores & rankings are predatory acts.
Best
Cogent, this time. Well-spoken and even logical assertion. Almost terminally cynical but not as simply refutable as the normal counterfactual screed. Only note that it is absolutely and religiously zero sum.
ReplyDeleteThose open source party guys must have had very different dealings with open source maintainers than I have. It's very hard to see how any of those guys could inspire anything (other than the ability to see the code). None of them care a whit for their users (and have stated so). They only care about developers (again, they have stated so). This is the equivalent of the law maintainers only caring about lawmakers. For every single one of the maintainers I've tried to deal with, users a at best a necessary evil.
ReplyDeleteAnd while, in theory, anyone can make suggestions, those suggestions absolutely will not be considered unless you jump through their very precise set of hoops (which you will not receive help on). 'Patches cheerfully accepted'? In a pig's eye.
And in any case, part of the whole point of open source is that if you don't like it, you can make your own or fork the existing code. This does not work for laws, as it leads to different people following different sets of laws (or 'diversity' as some want practiced in the US, or looking at it a slightly different way, a caste system).
So the only thing I think I agree on with them are the transparency and accessibility parts. Using how open source appears to me to deal with modification is pretty much what we have now. And I don't like that much.
I don't like gerrymandering committees that meet in lawyer's offices to divvy up power so they can claim client privilege. I don't like law changes that deem drafts of legislation and their sources to be irrelevant. I don't like a lot of stuff.
The ravings about corruption DO go to far, but they have a sound foundation. Government procedures don't face the same natural selection features private corporation procedures do. Screw up bad enough in the private market and the company dies. Government agencies tend to survive even if the people get moved around. I accept the different standards applied, but I do so with a libertarian's smirk. One way to avoid the double standard is to bias our preference in favor of the private sector when providing for the social good. If a service can be provided equally by both, I prefer the private variety in order to simplify how we apply standards for good behavior.
ReplyDeleteThose poor polar bears. Something Should Be Done!
ReplyDelete@locumranch: Something to consider to test your own drift toward self-delusion.
ReplyDeleteWhat would the world be like if collecting metadata, scores & rankings were not predatory acts? In what way would it be different than what you imagine it is?
This kind of question is worth asking every so often to test one's assumptions. If the answer is 'not much' then it is possible we don't have enough evidence to distinguish the world from the alt.world and must model it as both in the quantum sense.
@Alfred Differ:
ReplyDeleteYou understood that? I've read it four times and still can't find a thesis, or how it relates to the OP. Each sentence seems to contradict the previous one. Fuzzy pronoun use is making it unclear who exactly he views to be vermin.
This goes on for awhile, but perhaps it can distract Tacitus from the polar bears...
ReplyDelete---
"In The Transparent Society I talk about the difference between a unique identifier and a verifier.
Your Social Security number is an example of the former. It correlates with a unique person and say, "this conversation or transaction is about this particular John Smith and no other." It does not prove that the person using the SSN actually IS that John Smith!
A password is the very opposite of an identifier. It can be changed! It can be replaced with a more secure one! Fingerprints are like SSNs. They establish who is being discussed. It used to be, when only the FBI had a database of them and they were hard to copy, a fingerprint might be used also as a verifier. That is no longer true.
In future, almost any single biometric that is unique to you might be sniffed or snooped or recorded. So we will adapt. You'll visit your local bank branch monthly or weekly and there the whole suite of biometrics will confirm who you are and you and your banker will then clean up and establish that month's (or week's) passcodes."
You switch from considering biometrics (like fingerprints) as a mere SSN-like identifier, to the bank branch using biometrics as a verifier as well. (A master password that allows them to generate all other passwords for me.)
If "In future, almost any single biometric that is unique to you might be sniffed or snooped or recorded", then everything that the bank is using to verify my identity is readable by anyone else. Essentially I'm writing my master password down on every surface I touch, showing it to every camera or bio-sniffer I pass.
And judging by the way biometrics has developed, every such "code" will eventually be able to be imitated by technology. At least well enough to fool the detectors. Allowing a bad actor to duplicate your fingerprints, your iris, your retina-print, even manufacture a copy of your biome; to wear your identity like a suit. Especially when the "verification" process at the bank branch is cheap and automated, as it would need to be.
You may consider that some combination of biometrics will be beyond such mimicry, but that's what we were told about fingerprint scanners. Billions-to-one accurate, impossible to forge. Yet today there are still high-end scanners that can be fooled by a fingerprint printed onto paper, simply because the manufacturers believed their own hype.
If you listen to the "obscuritanists", they repeatedly warn that society is being tricked into putting too much faith in biometric systems by those selling biometric systems and those who want to use biometric systems. For example, systems that identify people by their gait are wildly inaccurate. Yet such systems are being embraced by security services in order to target criminals. With the result that people will be killed over misidentification.
More broadly:
ReplyDeleteThe same obsuritanists also warn that society is being tricked into trusting the powers-that-be to keep our information secure.
David, you repeat examples of the failure of large databases to be secure, yet you use those examples to reject the prescriptions of "obscurity fetishists", to mock them for wanting to hide.
The vulnerability of those large databases (such as the government employee database) is not just that security can be broken, it is in their very nature as giant centralised databases containing everything the powers-that-be can hoover up about you. (Whether "the powers" are government, security, or corporate.)
There is a constant push towards compiling larger and larger databases, with more and more information about more and more people, all cross-linked and indexed and ultimately tied to a single unrevokable identity for each person. Such databases are powerful and efficient, that's why they're so attractive. It makes it easy for a small number of people to extract a large amount of information about a large number of people with minimum effort. And the problem is that it makes it easy for a small number of people (authorised or not) to extract a large amount of information (regardless of the intent of the database) about a large number of people (without their knowledge) with disproportionately little effort.
It empowers those with access, while making the rest of us more vulnerable to a single-point-of-failure controlled by people who don't have our interests in mind, at all.
It's the pyramid model of data, a tiny group on top with access to everything.
"Reciprocal accountability" doesn't solve the issue. "Watching the watchers" doesn't solve the issue. It's the very existence of the giant databases that is the issue, their centralisation of power. The solution is not to try to create a patch over them, a pretence of "looking back", the solution is to break them up. Even talking about "Reciprocal accountability" is using the wrong model of the problem. We didn't end monarchies because we put windows in the Palaces, we ended them because we took the King's power and scattered it. The "looking" only serves to find the databases, to identify the powerful, it doesn't do a single thing about them.
Those you mock - the obscuritanists, the crypto-fetishists - want small databases, independently secured, each with only as much info as that specific transaction absolutely needs, multiple identities for different transaction types, as little connection to your IRL identity as possible, multiple overlapping crypto systems for transactions with no single point-of-failure, multiple systems of obfuscation to make it harder to remotely target individuals without expending a lot of effort. Those small databases will fail, but the cost of each failure will be smaller. Indeed, the guiding principle is to make the cost of failure small.
The flattened-diamond model of data. Distributed, decentralised.
It's not perfect, and it's going to be hard to do. The trend in the other direction is powerful and dominant. But it's better than not even trying, believing that the centralisation trend is inevitable, mocking those who try.
I said: "Multiple identities for different transaction types"
ReplyDeleteThe powers-that-be hate this. Again, whether those powers are government, security, or corporate. They all want transactions linked to your real identity, even if it's not in any way required for the transaction itself.
And just like the centralisation of data, the centralisation of identity creates the same vulnerabilities.
For example, I use a pseudonym online whenever I can. Paul451 obviously isn't my legal name, but it is a consistent identity across multiple sites. However, unlike my legal name, it's a manufactured identity, so it is ultimately disposable. If a bad actor is able to destroy my online reputation (whatever that's worth), or merely steal my credentials, then I can discard this identity and start again. I won't be happy about that, but c'est la guerre.
Importantly, I can revoke and renew this pseduo-identity. And doing so depends only on my own efforts. My ability to start again does not rely on Google, the government, my bank, or even a site admin. It's inherent in any system that allows me to use a separate online identity that I can create a new one.
If, however, everyone insists that I use my "real name" (a la Facebook and Google), I cannot change it. If someone steals my access, locks me out, trashes my reputation online and hence IRL, I am left trusting those companies to care enough to have created a system whereby I can recover my accounts. But even if I can regain access, I am always going to be left with the legacy of that breach on my reputation for every form of transaction, because of the insistence on linking to a single unrevokable identity. You want me to trust "reputation companies" will solve the problem. That shifts the power to another level, but not back to me.
[If you've ever dealt with such a situation, you know that the powers-that-be never make it easy for to fix their mistakes. Hell, they rarely even understand that such failures are possible. So it's not enough to be protected from wilful abuse, we also have to be protected from negligence. The latter shouldn't be underestimated. The imbalance of power is so great that mere indifference by those in power can destroy people's lives. It doesn't require active malevolence.]
David, you advocate an even greater centralisation and linking of identity. That my bank (or someone like it) will essentially become the sole arbiter of my identity, hence controlling my access to everything I do.
You can't see the problem with that single-point-of-failure?
"Such blithe, willfully trusting fantasy and ignorance would be charming, except that these techno-romantics style themselves as our best defense against Big Brother."
Right back attcha.
@KB: Only part of it. Our locumranch gets his xenophobia on occasionally and views many relationships as predatory that we might view as innocent. For a predator, the world is essentially zero-sum. Eat or be eaten. Testing one's assumptions rarely changes a predator's mind, but I'm hoping an intelligent one can see that their world model can't distinguish what they believe to be true from what they believe can't be true.
ReplyDeleteCollectivism exists then, not because of altruism, humanism & our inherent goodness, but only because we can derive 'advantage' from each other, regardless or (even) despite any perception of mutuality.
See how the assumption is placed here? Collectivism exists because of X. People who believe otherwise are going to be used/enslaved/turned into pets or something like that. He is assuming only one explanatory narrative can apply successfully to the evidence. His medical training REALLY SHOULD have taught him otherwise, but not everyone generalizes from specific lessons.
Paul451 sorry but I disagree down the line. We are seeing again and again that there is a solution when one group tries to control the cameras and blind watchers. The only solution is more eyes, more watchers, more cameras. Police are being indicted RIGHT NOW for breaking cell phones and erasing recordings. when they thought no one else was recording... but were caught in the act. This isn't theory. The empowerment of citizens through sousveillance and reciprocal accountability is happening. Right. Now.
ReplyDeleteBanks aren't "centralized" if you have a plethora to choose from and they are regulated to stay transparent. Anyway, you seem to think that faking a person's entire suite of two dozen (that we yet know of) biometrics will only be maybe twenty times as hard as faking one like fingerprints. Utter malarkey. If your local bank has a stationary, hi quality booth that checks finger bone length ratios and eardrum resonance and DNA... OMG if you fake all those then you've made a clone and even so, there's the stuff you know. that a clone won't and the long healed scar tissue...
Jeez man, try actually doing the thought experiment.
@Paul451 says: If "In future, almost any single biometric that is unique to you might be sniffed or snooped or recorded", then everything that the bank is using to verify my identity is readable by anyone else. Essentially I'm writing my master password down on every surface I touch, showing it to every camera or bio-sniffer I pass.
ReplyDeleteMy biometric information identifies me as me. That information in combination with location, time, and other bits of context verifies my presence in that context, but does not work well for verifying my willing participation in that context. Biometrics shouldn’t be enough for transaction VALIDATION. Something I know will have to be combined with my presence in context and encrypted as a package to validate my willingness. Passwords are going to have to remain things we know, but alone they will never be enough.
Encryption IS useful here, but not for masking what is happening. It is for validating what is happening. Encryption can eventually be broken or made vulnerable by procedural flaws, but if time is part of the context and the knowledge associated with validation is spread widely, we can mitigate risks associated with false validation statements. The BitCoin people do this to some degree by distributing the validators.
I believe in black helicopters.
ReplyDeleteWhy? Because I believe in helicopters, and I believe in black paint. I even have heard the US Special Forces operate such aircraft, and they apparently are not very popular because all the fancy extra gear makes them heavy and very hard to fly.
On the matter of biometrics and passwords, I just had the notion of having some unique movement as a "password." I'm a guitar player and songwriter; I pictured myself at an ATM playing air guitar in front of a motion detector like a video game, except it would be a few seconds of riff from a song I wrote. If anyone wants to access my account, they need to be able to play my song like I do. Others might mime a bit of knitting or a yoga pose, whatever they're into (combined with their personal dimensions and other biometric markers).
Naturally, in a hundred years (heck, in thirty?) it will be a trivial challenge to copy all that too.
I suspect the key to defending validation statements is going to be our willingness to change the passkey periodically. Even if someone with a lot of resources is trying to fake statements about you (crack your stuff), you have some defense if you change things quickly.
ReplyDeleteThere probably IS a value to social credit scores. If mine plummets, that would be a signal to get to the bank and change my passkey immediately and to increase my frequency for doing so until the score improves. People with the lowest scores will collect the fewest defenders no matter how many choose to go for their throats.
Social credit scores don't bother me too much. I've seen rudimentary ones at social media sites. People learn to game them and when they do it successfully, most others learn to ignore them. These scores are essentially information compressions and aren't new. The price of a commodity compresses a great deal of information about its many uses and how people prioritize access to it when the economize. Prices work extremely well, though, mostly because no one controls them. They are emergent information. I suspect useful scores of other types will be similar.
Security is never perfect, you try to figure out your biggest threat and do something to make it smaller. So hiding might be appropriate in some circumstances, though not a panacea. No one wants to wear a bulletproof vest every day, and it wouldn't stop a high calibre round or an atom bomb, but if you felt like someone is likely to shoot at you, you might wear one until the feeling wore off.
ReplyDeleteThat said, inconvenience prevents most people from using adequate security. So we're discussing the appropriateness of hiding in a world full of people who refuse to hide. The security guys are like a pair of puritans at a nudist colony, their recommendations fall on deaf ears.
As for conspiracies, the stuff "they" brag about is usually bad enough, I don't feel a need to speculate about what "they're" hiding. ;)
David (Brin),
ReplyDeleteYou don't see that you are doing exactly what you accuse the crypto-fetishists of, believing that your one trick will solve the problem. Ignoring the number of times it's failed.
Only your "crypto" is biometrics.
I suspect it's because you believe (at least subconsciously) that the biometric reader is measuring the actual thing. Ie, it measures something "real". A "fingerprint reader" reads the actual fingerprint on your fingers, the "DNA reader" reads your body's DNA sequences, etc.
But fingerprint readers don't "read" your fingerprints. Many just take an image of whatever is in front of the reader, convert it into a high contrast image, and look for certain points of line overlaps/intersections. Hold up a high contrast image of a fingerprint (which you leave on everything you touch) and many readers are completely fooled. If you know the algo, you don't even need an image of an entire fingerprint, just marks for the check points used by the scanner software.
[Others require more work, they use a laser to create an interference pattern from the pattern of bumps, so you need to actually make silicone-rubber moulds; but instructions are available online. And you write your "password" on every smooth surface you touch. (Even worse are the databases that store actual images of fingerprints. The equivalent of storing a list of passwords in clear-text.) ]
And the same weakness lies behind every biometric marker. It's the nature of the technology. If they can be read, they can be faked. Looking at the history of biometrics, they tend to be much easier to break than most forms of crypto. And their vendors are much less trustworthy, and their entire industry much more prone to hype and over-reliance on unproven novel systems. Worse, of course, is that the actual biometric reader doesn't even need to be beaten, chances are that the rest of the bank's network that connects the biometric system and password generators leaks like a sieve.
Note: I didn't say that this would be easy. My concern is that it is irreversible. You are turning a single system (the bank's biometric reader) into an unchangeable master password upon which every other form of access depends. Basing my entire electronic/financial security on such a system terrifies me.
I said you're doing what you accuse the crypto-fetishists, the obscuritanists, of doing. But in reality they are much less extreme than you. They want multiple solutions, each of which they know is incomplete. Laws/regulations/limits on governments and corporations, and public oversight, and personal ownership of crypto, and public awareness of the issues, and wilful obscurity, and consumer shunning of companies that don't exhibit best practice.
TCB,
ReplyDeleteRe: Movement based biometrics.
In order to be useful, the system has to deal with the variation in normal people doing things. That means the biometrics has to be "soft". That weakens its ability to deal with spoofing. It's like have a password system that has to let you pass if you're "close enough".
In which case, will the system be able to deal with a tablet held up in front of the camera showing a video of you doing your signature move? Based on a micro-camera hidden near the original reader, recording you earlier. Will the makers even think of the possibility, given how confident they'll be in their own system? (Judging by previous biometric efforts. Fingerprint readers that can be fooled by photocopies. Facial recognition systems that were never tested on non-white participants, or can be fooled by masks.)
I guarantee such a system won't take "a hundred years" to be cracked. I'd be surprised if it could last a single weekend at DEFCON or a similar convention without someone figuring a work-around.
Paul that's baloney. Biometrics are not my "only thing." The one thing that stops or deters bad people from doing bad things is accountability, and that can happen in many different ways but all of them depend on light. Bad or villainous people are allergic to light. That's the core truth.
ReplyDeleteBiomentrics at your bank will pragmatically help. But the best way to deter someone from pretending to be you in order to steal stuff is DISAVOWAL. "I didn't do that." Which draws attention of other eyes to the event in question. And enough curious investigative eyes - plus rewards for whistle blowers etc - will catch most miscreants.
I am talking about real stuff. Real events, and real history. It is happening on. Our. Streets. Right. Now.
The cypher zealots, in contrast cannot point to a single consistent success... amidst a bazillions flawed or failed efforts. Not. One.
Your objections to biometrics only apply separately not in aggregate. Not when you take your physical body to a bank booth where all of them can be compared at once... with new ones being included monthly. Come on man. Envision it. Truly you thing that can be spoofed? Dang, YOU should write sci fi.
The key to password security isn't changing your password frequently.
ReplyDeleteInstead what you need is a long password - the more characters the better. It can be a sentence you think of or a quote you enjoy or the like... but if it's long enough then some stranger or hacker won't easily get the password unless they utilize the human element (ie, call in and pretend to be an employee of another company that needs access).
And then you have to choose a different quote for every single password-user account you have. Even if one password falls, it will be difficult to get the rest.
And best of all? It's easier to remember a quotation or a phrase than it is a random jumble of characters.
xkcd explained it: X2^k#T is far easier to hack than something like Fearisthemindkiller. And you can even spice it up as F34r1sth3m1ndk1ll3r.
Rob H.
David,
ReplyDelete"Not when you take your physical body to a bank booth where all of them can be compared at once..."
Every single biometric system every created has been hacked. Every one. Biometic scanners do not measure "your physical body", they measure proxies. Images, sounds, chemicals. If technology exists to read a signal, it exists to fake a signal.
The readers are connected to machines, to computers, that run software. Systems that need to be updated and maintained, that have USB slots and standardised plugs. Those systems will then connect to the broader network (otherwise each person is limited to only one booth at only one branch) which uses standard internet protocols, which will be as vulnerable to breaches as every other database that's been hacked. They will not have a customised bespoke system, they will use standardised components. They always do. And those systems only need to be breached once to make everyone vulnerable.
At the most recent DEFCON, one of the most prestigious bank safe makers (Brink's) had their new "digital" safe cracked in sixty seconds. The hacker didn't guess the password, they didn't even touch the reader. They plugged in a USB stick which simply overwrote the software and bypassed the whole system.
(I've seen fancy biometric safes which can be opened by gently dropping them a few inches.)
((Many home-detention ankle-bracelets can apparently be removed by wrapping them in metal foil or using a cell-jammer before you cut them off. The makers never considered that the criminal trying to remove their digital shackle would dare to prevent the alarm from connecting to the phone network. Others can be tricked by spoofing the GPS signal with a simple radio.))
"with new [biometric systems] being included monthly."
No company or agency is going to roll out entire new biometric systems every month to hundreds of thousands of branches necessary for every single person in the country to renew their passwords every month. Any system put into place will be updated once per decade at most.
Your country is struggling to get banks to adopt chip'n'pin to replace the 45 year old magnetic stripe cards.
Speaking of "renewing their passwords every month"... If you could get people taking that much interest in their security, we wouldn't have a fraction of the malware, spam and identity theft that we have today. I mean, spending an hour or two to refresh their entire security once a month, every month. That idea alone is deep fantasy.
"But the best way to deter someone from pretending to be you in order to steal stuff is DISAVOWAL. "I didn't do that." "
That's really naive. It's like people who suggest that password systems should lock you out after X failed attempts. You can't see the vulnerability you just opened up?
"Which draws attention of other eyes to the event in question."
Except it doesn't. Have you ever had to try to prove that someone pretending to be you is not you? It's not like there's sudden interest, "a crime has been committed!", and everyone pays attention. You get some call-centre gimp who just doesn't care.
You depend entirely on the "good will" of the organisation you are dealing with. Many of them, or at least the people you deal with, aren't even aware of the possibility of identity theft. After all, their financial interest is not your financial interest.
Or Google's "Please prove you are not a robot", which we discovered could simply be left blank.
ReplyDeleteWhillikers. I am the ONLY one who does not "depend entirely on the "good will" of the organisation you are dealing with." You have just proved that you haven't even the remotest clue what I've been talking about.
ReplyDeleteYou guys are making it all too complicated
ReplyDeleteSecurity costs money
You need security in line with what it is protecting
Which means a different system to protect millions of dollars than thousands
We (NZ) have a simple system
(1) Level One - login and password
I can transfer/pay up to $300
(2) Level Two - login and password PLUS an additional code that is sent to an entirely separate system (my cell phone)
Up to $10,000
(3) Level Three
Personal visit - identification - delays to check everything
Buying a house - cost a lot!
Each system is recorded
The bank has insurance against any "clever" breaches
Not a major problem
The main idea is to use two separate systems - internet and cell phone for moderate security
As far as
"Have you ever had to try to prove that someone pretending to be you is not you?"
I have had to do that twice in my nearly 60 years
Each time it was easy,
Somebody pretended to be me in the UK - it was local so I just turned up with ID
I had bogus charges on my credit card in NZ
Just one phone call reversed the charges and arranged for a new credit card with a different number
On that point I have a card with a high limit for "emergencies" which is never used and a card with a low limit for internet shopping
Somebody called RG has just posted this on one of the older threads
ReplyDeleteAny Comments???
You state that my project to restore the ocean pastures in 2012 was a rogue effort. Why do you promote this lie when the fact is that the project worked for many years with 9 government ministries in Canada who over those years carefully vetted the project. The government of Canada even took an active and financial position in the work by offering international guarantees, directly subsidizing the salaries of science employees whom they vetted and approved to be hired, provided state of the art satellite resources and training, and many other elements of support to the project. You seem to have swallowed hook, line, and sinker the lies promoted against me and that project, the question is why?
Further the project science plan was cloned from a plan endorsed and promoted by leading oceanographic institutes from around the world as being the appropriate next step in 25 years of R&D on restoring ocean plant life. Why do you continue to foment lies and misinformation about this work. Could it be that you, like so many profits of doom and gloom, feel threatened by work that has now proven that by caring for Mother Nature billions of tonnes of CO2, the lions share of the climate change crisis, can be effectively, immediately, safely, and sustainably managed at a cost of mere millions of dollars per year as opposed to the trillion dollars per year in new climate taxes being proposed at the Paris COP21 meeting. Or is it the billions of additional fish that will swim into our nets and onto the plates of hungry people the world around helping to end world hunger that worries you, again at a cost of a fraction of 1% of the funds being spent not solving that problem today. http://russgeorge.net/2015/11/16/a-practical-solution-to-world-hunger/
To the defense of paranoids everywhere, the various powers that be (governments, businesses, religious...) are really not helping their cases to make us trust them. Virtually each organisation with power has enough skeletons in their closets to populate a necropolis and a very loose (sometimes sociopathic) definition of morality.
ReplyDeleteFor example, how do you trust the French 5th Republic when their past actions include torture (Algerian independence war), terrorism (Rainbow Warrior), criminal presidents (Chirac). Other democratic governments also have a lot of sordid actions in their histories, I just picked France because it's not one of the more known rogues to many.
How do you trust large banks when they still operate as casinos gambling with other people's money, bribe/finance campaigns for politicians to look the other way ?
Or how about diamond traders that have no moral qualms about buying diamonds from warlords or simply mined in horrible conditions ?
And the less said about the Catholic Church the better.
In each case they did their darnedest to cover up those actions and considered themselves perfectly justified in doing so. (for the greater good/bottom line) Also notice how few have ever been punished by more than a slap on the wrist for these previous actions. The worse part is that all this is considered perfectly normal/acceptable in the world of "realpolitik" and everyday business and that anyone in those that tries to go against that sort of behavior is considered mentally defective/naive at best or dangerous at worst.
So naturally, if you have a history of behaving like a rogue or join a group with such a history, people are going to assume by default that you are a rogue and are up to no good. No need for the media to repeat the SOA meme when our powers are doing such a good job themselves of appearing untrustworthy.
Duncan,
ReplyDeleteinteresting but confusing (besides his misreading of David Brin's position)
"You state that my project to restore the ocean pastures in 2012 was a rogue effort. Why do you promote this lie when the fact is that the project worked for many years with 9 government ministries in Canada who over those years carefully vetted the project."
Huh - many years - together with 2012? Was this project started in 2012 or was it ended in 2012? Besides that, I always get annoyed with money illusion - people talking about environmental projects and money in the same breath. Money is in a global sense irrelevant. Money is how people keep score against one another, the earth doesn't care the least about it.
I've always said that as much as I would like to keep my privacy - I'd be very willing to give it up as the cost of having the government giving up its privacy.
ReplyDelete
ReplyDeleteAs Manny Ribera said to Tony Montana in Scarface (1983), there is such a thing as "too much (efffing) security" and, although David has always said as much about encryptions, passwords & HIDING as proof against surveillance, it is easy to see why Paul451 misunderstands this word-woozy 'accountability' argument.
Like many, Paul451 does NOT understand that 'accountability' is a PC euphemism for (reciprocal) predation. That's how reciprocity works ... by preying on the would-be predator (aka 'a cheater'), giving tit-for-tat (sousveillance for surveillance) and 'calling them to account'.
Of course, this message has been hidden under a pile of 'Better Angels of Our Nature' fertiliser which, along with confusing bunnyesque vulnerability with cultural advancement & enlightenment, tends to accentuate the New 'Victim as Hero' mythos that our degenerate culture has propagated.
This is the hidden cost of urbanisation: When we live in warrens like defenseless bunnies, then defenselessness becomes a virtue & we become as bunnies, which (in turn) allows the most innocuous of ferrets (foreign OR domestic) to wreck havoc upon us, leading the bunny collective to demand an ever more secure ferret-proof fence, so bunnyland may remain undisturbed.
But that is NOT the answer: Accountability is. Mutual Predation is.
Best
Encryption doesn't stand up well when subjected to prolonged analysis, either.
ReplyDeleteOne of my (many) temp jobs was at a company in Seattle that was recovering data from seized hard drives belonging to a major tobacco company. Their effort was to recover "deleted" emails and files from those hard drives, in order to prove what the tobacco companies knew about various health risks and when they knew it. By the stage I was involved in, the "deleted" segments had been converted into a format readable by Excel; our job was to find related segments so they could go in the same Excel files for further analysis. (I rather wish I knew less about biology than I did at the time; if you know what the various terms they use mean, those papers were quite disturbing at times...)
Now, these were people who not only encrypted their data, but tried to delete it before it could be seized; they had every reason to want to conceal all available information regarding their activities. Their resources were not inconsiderable, as well. Yet even their crypto could only stand so long against a concerted effort to decipher it. Encryption is a piece of the puzzle, but not the entire solution.
Banks aren't centralized (in an informational sense)? When they all use the same 3 credit bureaus?
ReplyDeleteOne wise man I know once attempted to teach risk analysis to some cavemen. It's pretty simple. The simple equation is the risk of something is equal to how often it happens times the seriousness of the result if it happens. Included in the seriousness of the result is how hard is it to fix the result and whether there is residual damage even after being fixed.
Unlike Duncan, proving that I was me and someone else wasn't was nearly impossible. Bureaucracies simply don't care, because your problem causes them no pain.
No identification/authorization/verification scheme is perfect. They will all be broken. And it seems more likely that it will happen at banks. After all, that's where the money is.
So it comes down to being able to cut out some majority of the damage, and being to restore correctness in proportion to the damage.
The biggest problem with database security is that they stick them on the internet. And that there's little damage to doing so, as the use of the data by miscreants doesn't harm the owner of the database.
Walter Kirn's article in the Atlantic that David referenced was rather stupid, I thought. I would bet he was one of these rude clowns who, when asked by Facebook if he wanted to "help find friends" when he signed up, quite happily uploaded his email contact list to them. And apparently he has all sorts of apps and gadgets on his phone which he equally thoughtlessly loaded without a care in the world. I would also bet he had never done a thing about trackers, and even likely keeps all cookies on his machines forever.
ReplyDeleteI'm not really all that paranoid, but I don't like spam, and I don't like snoops, so I do routine things that cost me little effort, and I'm not bugged by the stuff he is.
I delete my Google cookies too, because machine intelligence is woefully unable to determine what I'm looking for. Amazon tries to come up with suggestions for me, and they are clueless. And I like Amazon, but they aren't having any sort of success with those attempts. I suspect hubris on their programmers' part, and the same with Google.
Myself, I prefer to have a bank where I can actually go and talk to the person in charge of my account personally and who knows me by sight. I suppose if someone really wanted to he could use a disguise but I rather doubt it would work contrary to what the movies tell us unless I have gobs of money that makes it worthwhile for the thief. I do use online banking but if I go above a certain amount, my bank calls me to confirm it. I am all for biometrics but I would prefer it to be attached to actual physical verification. If in the future bank branches disappear then I would have to adapt but I would prefer to pay more for banking services in order to have a real person in front of me to bitch to if something goes wrong.
ReplyDeleteI am sure if the NSA wanted, they could have all the information about me even if I use fake names and encryption but that doesn’t bother me since I am not into illegal activity. If a Snowden want to rummage around my messages because he is bored, I don’t give a damn. If I really wanted to keep an activity secret, I would not use electronic media whatsoever but instead use the many other ways that do not use electronic means. It is just common sense. Of course, I do use encryption and other methods to avoid identity theft but that is about it.
The easiest way to get sensitive information on a person, a company or government is by corrupting a mid-level IT person. All communication passes by them. Often they feel underpaid and underappreciated and therefore open to manipulation by an astute person or organization. Sometimes they even do it for “moral” reasons or maybe because his boss yelled at him. That is the real weakness in keeping information secret and unless you can cut that off then expect your personal details or that of your company will be revealed from time to time.
Also I don’t use Facebook not because I am paranoid but because I don’t see a real use for it. I am of the generation where if I want to talk to a friend or family I call them up or see them and exchange pictures by email or whatnot. I guess that means I am retro and out of the loop but I don’t care. I don’t see the need for advertising my life to people I hardly know. My ego is not tied up into how “friends” I have.
Douglas, it may be you know more about the internet than certain younger people who can't seem to do anything with it except Facebook.
ReplyDeleteJumper,
ReplyDeleteRe: "Clueless" targeted ads/recommendations.
You have to remember that the ads and recommendations aren't for you, they are... well, "against" you.
That is, the correct assessment of their value is whether it increases the number of hits or sales for the advertiser, not whether it's useful to you.
If their response rate to non-targeted ads is 0.01%, but with targeted ads it jumps to 0.03%, from your point of view the relevance of the ads/recommendations went from 99.99% useless to 99.97% useless. From their point of view, it's a 300% increase in sales.
The different experiences that Duncan and Raito had recovering from fraud demonstrates my point. They both depended on the "kindness of strangers". Duncan's organisation (bank?) had empowered their staff to make common sense judgements about fraud/identity issues. Raito's organisation didn't.
ReplyDeleteThe key is that neither of you were able to affect that situation. All of the power to resolve the problem exists outside of the hands of the people actually affected. You depended entirely on large organisations deciding to help you with your problem. (Even though it was their systems which were defrauded or breached, it was your problem.)
Whenever that kind of imbalance exists, we must assume that external force needs to be applied. And I'm guessing that the NZ bank was fairly highly regulated. They would have been slapped by a regulator if they failed to implement such policies. Those regulation only exist because of past difficulties people had with recovering from fraud.
Raito's organisation was... well, probably in the US. 'Nuff said.
Duncan,
ReplyDeleteRe: "scale of risk vs scale of security".
That's a pretty standard security trope: "Always make it cost the enemy more than the information is worth." But the way you describe it, it sounds like it's actually law in NZ?
Anyway, that's a good example of the danger of allowing larger and larger databases containing more and more information about more and more people. There's an imbalance in "what the information is worth".
History says that databases will not be secured according to the cost/value to the people on the database, but according to the cost/inconvenience to the organisation that controls the database.
The cost of securing the asset, and the cost of recovering from a breach, is pretty much the same for the organisation regardless of the size of the database. But the cost to the people on the database increases exponentially as the amount of information on the database increases.
Same for the attackers. Giant all-seeing databases are huge assets, hence attackers can justify spending millions on their attack. Otoh, mandating small databases, containing (by law) as little data as possible for any given transaction, are worth much less to attackers. The cost of recovering from a breach is roughly the same for the database owner, but is much smaller for the people affected. It brings the scale of cost/risk back into proportion.
The same cost/risk scale should exist for the exercise of power. Making cost proportional to the number of people affected, and the scale of the effect. Smaller databases, with minimum information makes it harder to abuse power.
I'm not bothered that a government agency (NSA/etc) can hire an analyst who can target me by painstakingly pulling together the thousands of disparate electronic threads I've left behind. The cost of doing that means that they'll only do so when it matters, so it's innately self-regulating. What concerns me is having a single giant database automatically vacuuming up all the data, from all sources, in a format that's already cross-linked and indexed, that requires almost no skill to use. It means that it costs a tiny amount to target millions of people at a time. "Reciprocal accountability" isn't even remotely adequate to deal with that kind of disproportionate power.
(Jon S's example shows the same effect. It was targeted, time-consuming and specialised. Therefore is only attempted when the issue is large enough to justify the cost. That's the balance we should be aiming for.)
locumranch:
ReplyDeleteThis is the hidden cost of urbanisation: When we live in warrens like defenseless bunnies, then defenselessness becomes a virtue & we become as bunnies, which (in turn) allows the most innocuous of ferrets (foreign OR domestic) to wreck havoc upon us, leading the bunny collective to demand an ever more secure ferret-proof fence, so bunnyland may remain undisturbed.
Once again, you reverse the roles. For the most part, the citizens of New York, Chicago, Paris, etc determine to go on about their lives as if the terrorists can only harm us if we give in to panic. Meanwhile, the inhabitants of red states, who are probably thousands of miles from the nearest terrorist, are the ones who freak out and demand immediate perfect security. Some of the first post-9/11 Homeland Security funds were earmarked to protect sites in Nebraska, for gosh sakes.
It's not the urbanites who are currently demanding we keep out Syrian refugees. And while the Paris and San Bernardino shootings were indeed tragic and sobering, does Paris really shock us when we imagine that those terrorists might strike here in the US, adding one more mass shooting to our annual 355 and counting? Had we been able to prevent the muslim terrorists in San Bernardino, that total could have been kept to 354. Is that really a goal worth giving up American ideals for?
onward
ReplyDeleteonward