Blayne Sucks

If you haven’t been to The Onion recently, why not? It is the quintessential time-waster site for those times when you have a spare five minutes where you can’t possibly get anything done.

I remember when The Onion launched their website and people were trying to make the mental leap for what it means to have a well produced satirical news website that was just as well presented (if not better) as any of the major news media sites. It wasn’t uncommon to get an email from a friend who had taken one of their stories seriously and thought it was real news. This has even happened to various major news media outlets.

Really though, they have been around in some form since the 80′s. Their website was were they really took off. And now they are taking off in the fake newscast video form. Last April they launched their online videos section, which is a satire version of those found on other news sites such as CNN and FoxNews. Amusingly, The Onion still has better web design than the big boys, IMHO. For example, it is easy to embed news clips from The Onion News Network:

Poll: Bullshit Is Most Important Issue For 2008 Voters

The Onion videos have been hit or miss for me. Some of them have been utterly hilarious, while others have failed to make the grade. This one was absolutely excellent. All good humor has some (and in this case quite a bit) of truth to it.

Clarence Thomas was interviewed on 60 Minutes tonight. I was still rather young when Thomas was going through his confirmation process and I didn’t realize that he only had about one year of experience as a judge at the time. There were a lot of political machinations that were going on with his nomination. I didn’t really understand them all at the time, but I do remember thinking it was far more of a circus than I thought it should be.

Daniel Solove was commenting recently on the idea of ending life tenure for Supreme Court Justices. His argument was inspired by the New York Times article and contained some of the same kinds of things that I disliked about the Clarence Thomas confirmation hearings. Solove argues that life appointments make the process even more politicized, put pressure on Presidents to nominate inexperienced justices that will be able to serve longer and are dangerous because of the unpredictable nature of which political entity would be in power when a seat comes open.

Life appointments make sense today for the reasons they did when they were initially chosen. The position is too important to have justices worried about what they will do after their time on the bench. Anything that can be done to ensure their independence in decision making should be done. Arguing about life expectancy differences doesn’t make sense to me. Ben Franklin was the perfect example to those writing the Constitution that it was possible a justice could live far longer than average and have an impact on the bench for decades. Regardless of what term limit there is, the process is going to be politicized to no end simply because it’s the Supreme Freaking Court. In the US, this is the last say in all things judicial, so why wouldn’t it become politicized? As for President’s nominating young and inexperienced people to the court, that is a serious problem and it’s out of hand. Youth isn’t nearly as big of an issue as inexperience, but it’s not a Presidential nomination problem so much as it is a confirmation issue. There’s a reason that the Senate has to confirm nominations. If the nomination is young or inexperienced, then the Senate should not confirm the nomination.

I recently read an excellent article on John Paul Stevens by the New York Times. I definitely don’t agree with all his opinions, but it is hard to argue that his voice and experience with decades of serving on the Supreme Court are detrimental. I don’t know that Justices are constantly able to think broadly in terms of history, but I expect it would be easier if you had broad experience with it.

I would hope that we could avoid messy confirmation battles like the one that Clarence Thomas went through, but I would prefer having those battles over changing a system that has worked pretty darn well for so long. With the political battles that have been fought recently, it seems more important than ever to make sure that the Supreme Court Justices are as independent and removed from the political process as possible. Lastly, term limits would cut short the time that once in a generation minds could serve. What if Oliver Wendell Holmes Jr. was only allowed to serve 18 years? What about John Marshall? What about Louis Brandeis?

[Edit: I wanted to add that Clarence Thomas's recent autobiography and interview on 60 Minutes have caused Anita Hill to speak out. This seems like one of those stories for which we may never be able to fully know the truth. It also is exactly the worst kind of story in politics in that it has almost no significance on the national level but yet we still devote tons of time to trying to understand it.]

[Edit2: More commentary on cnn.com that argues Clarence Thomas has a right to be angry.]

There’s a BBC article that was posted this past Saturday entitled Big Brother is watching us all. I am leary of reading traditional media articles about privacy because many of them are inflammatory and most seem to provide and distorted view of what most reasonable privacy advocates are actually advocating. However, I was curious because it was the BBC and London is well-known to have extensive surveillance camera networks.

Despite my misgivings, the article does describe some technologies in a rational and accurate manner. I don’t know if the technologies described are right around the corner or if it will still take decades for them to be functional. The reality is probably somewhere in the middle. However, I do know that we’re nowhere close to being able to understand as a society the implications that some of these things, when functional, will have for us.

Of course, there is a great example of the traditional tripe usually found in mainstream media articles. It comes at the end of the article:

Using radio waves, you point [the device at] a wall and it tells you if anyone is on the other side. [Ian Kitajima's] company, Oceanit, is due to test it with the Hawaiian National Guard in Iraq next year, and it turns out that the human body gives off such sensitive radio signals, that it can even pick up breathing and heart rates.

“First, you can tell whether someone is dead or alive on the battlefield,” said Ian.

“But it will also show whether someone inside a house is looking to harm you, because if they are, their heart rate will be raised. And 10 years from now, the technology will be much smarter. We’ll scan a person with one of these things and tell what they’re actually thinking.”

He glanced at me quizzically, noticing my apprehension.

“Yeah, I know,” he said. “It sounds very Star Trekkish, but that’s what’s ahead.”

This is exactly the reason I dislike mainstream media articles about technology. No, there will not be a magic radio wave device that can read your mind and determine what you’re actually thinking in the next ten years. This is hogwash. One of the many reasons why is simple. The first step in building a device that can determine what someone is actually thinking is creating an algorithm or process that can determine what someone is actually thinking. Anyone who has ever been married can tell you how successful humans are at that sort of thing.

A quickly beating heart is indicative of many disparate things. Most of these are not “I am preparing to kill whomever is staring at me through my wall.” However, if you are a member of a SWAT team holding a device such as this in one hand and a machine gun in the other… Well, let’s just say that a hammer sees every problem as a nail.

A similar situation is described in Blink by Malcom Gladwell where a police officer had to make a split second decision based on bad instincts. The good news is that training can improve split second decisions in police officers. Thus, it is possible that proper training in the use of technology can prevent abuses and wasteful spending which might result from misunderstanding technology. The bad news is that we may not be able to train those in decision making positions rapidly enough to keep up with technology marketers (and clueless mainstream media journalists) who are trying to sell the next miracle device that will solve all your security problems.

There’s a principle in computer security that is the basis of access control as we know it. This principle is called The Principle of Least Privilege. The idea is that you should only provide the minimum amount of rights needed for someone to do the things they need to do. For example, an account for a computer user who merely needs to browse the web and send emails shouldn’t also include rights to do things like install or remove programs.

Key to this principle is the concept of a “root” owner of rights who is able to determine who deserves to have what rights. With a computer, that “root” owner is the administrator account, but there is a political mirror to this principle. In a police state or dictatorship, the “root” owner of all rights is the State which can pretty much distribute rights however they wish. In a democracy, the root owner of all rights is the citizenry who elects politicians to create, enforce and maintain a legal system that dispenses these rights.

The citizens of a democracy must continually verify that the distribution of rights is proper. Recently, a story was posted on Slashdot about someone doing just that. I encourage you to read the details about this because it demonstrates exactly the kind of thought process that has been abandoned by many citizens for the sake of convenience.

I don’t want to get into anything overly political, so I won’t comment further. However, I do hope that you’ll at least consider this man’s situation. Ask yourself a few questions about the division of rights in this scenario. Do you feel that the Principle of Least Privilege has been violated? Consider similar situations, such as producing a driver’s license or other ID to board an airplane. For example, should you have to display an ID to fly?

[Edited to add: A friend of mine pointed out a similar story about a trip to Best Buy.]

Sometimes I have to try actively to avoid a “me too” post after Bruce Schneier‘s latest article goes up on Wired. However, I will indulge myself this time because his latest article is about disaster recovery communications. I feel very strongly about this and Bruce speaks so eloquently about it that I would be remiss in not posting a link to his thoughts.

His basic premise is that whatever you do to plan for disaster recovery works regardless of what caused the problem. Natural disaster? Check! Security breech? Check! Random malfunction? Check! Unknown design flaw? Check! This is what makes backing up the data on your computer such an important thing. It is useful regardless of how you lose your data. Also, the cost associated with making a backup is really low.

Schneier’s article isn’t about backing up computer data though. He focuses on improving communications between first responders. Any emergency responder will tell you that the most critical elements in responding to a situation are timing and communication. We can’t make more time, so improving communications during disaster recovery is low hanging fruit that I would hope politicians of any stripe could agree on. There may be some local disputes about protocol or hardware, but in the end these seem pathetic because of the big picture.

There’s a new article up on New Scientist (subscription required) about how conspiracy theories work. I found this from Bruce Schneier’s blog and he had a link to a non-subscription version here.

Now, there are several reasons why I’m interested in this. One is that I am a JFK assassination hobbyist, which is probably one of the most famous conspiracy theory generating events in world history. Probably the most important reason is that I think current government policies, like RealID and NSA warrantless surveillance, are being born based on a similar rationale.

There’s this instinct to try and balance the scales when a major unexpected event happens like the JFK Assassination or the 9/11 Terrorist Attacks. In the case of the JFK Assassination, people couldn’t balance a crazy lone gunman with a rifle against the charismatic, popular President of the United States. Thus, millions of conspiracy theories were born. Unfortunately the government’s response to 9/11 has been similarly reasoned. Government officials are unable to balance that a relatively small group of people was able to pull off the biggest terrorist attack on the US. In an attempt to balance the scales these officials and politicians have blown the problems caused by terrorism way out of proportion. Sadly, this response has brought about some changes in government that are wide-ranging and equally ill advised.

Sometimes horrible things happen for simple, unfortunate reasons. JFK was killed by one guy with a rifle. 9/11 was pulled off by a small group of extreme extremists. These things don’t mesh with our desire to balance them. We want to say that JFK was killed by the maffia or Cuba or some US government faction. We want to say that 9/11 happened because of a terror network so massive that we need to let the NSA have unprecedented ability to use surveillance on Americans without a warrant simply to ferret out some of this network.

If you look at the world through the glasses of a conspiracy theory, everything suddenly becomes suspect. The reality is that the traditional methods of investigation almost caught the 9/11 terrorists. Somehow even this fact is perverted into support for the changes that have been proposed. (e.g. “We had all the information we needed right under our noses and we still failed to get them! Let’s change everything!”) While ‘almost’ doesn’t help anyone killed or bring back the billions of dollars lost in the attacks, it should at least have provided proof that many of the massive changes which have taken place aren’t necessary and may actually hurt.

Some things are tragic simply because there is no way to balance them sensibly. Life doesn’t have a law of reciprocation. Sometimes there is no “equal an opposite” cause for a tragic effect. If anything, that is the point of the word tragedy. The government’s continued futile attempts to rationalize tragedies in this fashion only prolongs the grieving process and prevents us from moving on.

I just got done watching the CNN – YouTube Democratic Debate and was blown away at how well the format worked. I think there are a lot of things about current American Politics that would disappoint the Founding Fathers, but this format for the debate certainly wouldn’t be one of them. The format also harkens to shades of what Al Gore mentions in his book, The Assault on Reason, about the Internet restoring democracy in America. I am very much looking forward to the Republican Debate in September.

I don’t want to get too much into the politics of it because that could be like writing a book, but I will say that I thought Obama did the best in this debate. He came off as both a young and revitalizing JFK-style candidate and a fighter for the people Teddy Roosevelt-style candidate. I thought Mike Gravel performed admirably as the semi-crazy foil to the Democrats, but really I think Ron Paul has the semi-crazy foil award wrapped up in his role as that to the Republican party.

I am a bit bothered that the debate wasn’t on a major network. Perhaps the popularity of user generated content will push to make future debates on network TV rather than cable. I’m not holding my breath though.

I was kinda surprised that there were less than 3,000 videos posted online about the debates. A one in 3,000 chance of being able to ask a question to the Democratic Presidential Candidates and have it answered on national TV is pretty good. Plus, with the popularity of the format, I am going to go out on a limb and predict that there’s at least 30,000 videos submitted for the Republican Debates.

You can see the questions that were chosen here and you can see the other questions that were asked here. I also would like to see the entire debate posted online, and if I can find a link to it, I’ll add it here. I’m sure eventually those links will break, but they look like they will be good at least until the next presidential election.

Today is the 203rd anniversary of the Aaron Burr – Alexander Hamilton Duel. (Or is it the Alexander Hamilton – Aaron Burr Duel?) Either way, this duel is probably still the most famous in American history. I used to think as a kid that this was yet more reason to think that politicians were crazy because they got so worked up about things that didn’t really matter all that much. For the most part, I still think this is true. It’s good from time to time to take a few steps back and recognize that most of the time the things we are worried about aren’t really all that important.

There’s an excellent article about Data Reuse on Wired by Bruce Schneier. In the article he talks about the American use of census data to populate Japanese-American internment camps. Of course, he very easily could have been talking about the German use of census data in the Holocaust, which was going on at the same time.

Either way, the point is the same: Data Reuse can be a very ugly and oppressive thing. It is also a complex problem to solve that involves both law and technology. In the American case, there were laws preventing this sort of use of the census data. Those laws were suspended. In the German case, the data was organized in such a way that it was difficult to access efficiently. The technology was improved.

Solutions to problems like this aren’t easy to create, particularly in an instant gratification culture. The Cathedral of Chartres was built over a 75 year period. When it was completed, the people must have thought it would last forever. Projects are not built with that view of history anymore. People of that era never built things thinking they would be obsolete in a few years anyhow. The Colosseum in Rome was used as a stadium for 500 years. Market Square Arena in Indianapolis was used for 25 years.

I understand that planning for the future in an era where the future seems to change so rapidly before our eyes is not easy, but if we do not pause for a moment, think about the broader historical context of what we are building, then we will are setting ourselves up for failure.

Schneier closes with some well-worded thoughts about this:

History will record what we, here in the early decades of the information age, did to foster freedom, liberty and democracy. Did we build information technologies that protected people’s freedoms even during times when society tried to subvert them? Or did we build technologies that could easily be modified to watch and control? It’s bad civic hygiene to build an infrastructure that can be used to facilitate a police state.

One of the biggest reasons that computer security is so lax across many private industries is that there is a serious lack of accountability. If a business has a massive data breach, currently the only major or direct consequence of that breach to the business is a public relations problem of some degree. Of course, for many of the people who just had sensitive personal information compromised irretrievably, the consequences are much more dire.

In light of this, I’m very please to have read about some promising recent state laws that are allowing businesses to recover costs related to data breaches by other businesses. This is a bit abstract so here’s an example: ABC Corporation has a data breach. This data breach requires XYZ Incorporated, who has many of the same customers, to spend a lot of time and money updating records and making sure that all their customers are once again legitimate. Under laws similar to the ones mentioned in the article, XYZ Incorporated can now recover costs from ABC Corporation.

This sort of financial accountability is critical to improving data security across industries. Bruce Schneier has talked about this before. It’s a fairly simple principle that for some reason has been particularly slow to catch on. Unless there’s a financial incentive to good data security practices, businesses won’t bother with them.

I also like that this is a business vs. business scenario because that should improve enforcement dramatically. HIPAA has been stuck in limbo because of a near complete lack of enforcement to this day. Other businesses are much more likely to take the time to sue companies with poor data security than the government.