flwyd: (transparent ribbon for government accoun)
This week's attention on the NSA's domestic surveillance has reminded me of an exchange from 2006 in which Gen. Michael Hayden, former head of the NSA, claimed that the Fourth Amendment doesn't require probable cause and, furthermore, "if there's any amendment to the Constitution that employees of the National Security Agency are familiar with, it's the Fourth."

Lest anyone forget what the Fourth Amendment says,
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
flwyd: (transparent ribbon for government accoun)
As you may have noticed, people on the Internet are upset about new TSA security measures. Broadly, there seem to be three objections:
1: "I don't want to be exposed to radiation."
2: "I don't want government employees to see me naked."
3: "I don't want government employees to touch me."

In general, these are all valid concerns, but to me the current volume and hyperbole seem overblown. I have yet to fly with them in place, though, so I don't want to make any firm claims. However, in preparation for my trip to New York City on Monday, I found the TSA's Advanced Imaging Technology FAQ:
Q. What has TSA done to protect my privacy?
A. TSA has implemented strict measures to protect passenger privacy, which is ensured through the anonymity of the image. A remotely located officer views the image and does not see the passenger, and the officer assisting the passenger cannot view the image. The image cannot be stored, transmitted or printed, and is deleted immediately once viewed. Additionally, there is a privacy algorithm applied to blur the image.
So objection #2 is pretty silly: the person who "sees you naked" doesn't also get to see the fully-clothed face-intact you. So arguably they'll be looking at naked pictures, but they'll have no way to know it's you. Even if the images aren't deleted, there's no record of who went through which security line when, so it's just an anonymous human body. And after several hours a day of looking at "naked" images, these screeners are not going to be in any way aroused by the fuzzy monochrome body parts of American travelers. There are far higher quality naked pictures of more attractive people doing sexually suggestive things available for free on the Internet.

Another nugget from the FAQ in regards to concern #1:
Backscatter technology projects an ionizing X-ray beam over the body surface at high speed. The reflection, or “backscatter,” of the beam is detected, digitized and displayed on a monitor. Each full body scan produces less than 10 microREM of emission, the equivalent to the exposure each person receives in about 2 minutes of airplane flight at altitude. …
Millimeter wave technology bounces harmless electromagnetic waves off of the human body to create a black and white image. It is safe, and the energy emitted by millimeter wave technology is thousands of times less than what is permitted for a cell phone.
So yes, you receive some harmful X-ray radiation while being scanned. But it's orders of magnitude less than the radiation you receive by actually flying on the plane you're about to board. Radiation exposure is a valid concern and you wouldn't want to walk through one of these several times a day, but avoiding the scan before you get on a plane is like refusing a breath mint after Thanksgiving dinner because you're worried about its calories.

The third objection is a touchy subject. elusis has pointed out that women, minorities, and transgendered people have been uncomfortable with airport pat-downs for years, but it's a big deal now because suddenly an able-bodied cisgender white man is the one who was complaining about the government touching their dicks. I can sympathize with folks with an adverse reaction to people touching them, but I wonder what they do when they're sitting in a window seat and need to go to the bathroom, surfing over the laps of the two people in their row and sliding past the flight attendants. And it's not like pat-downs are a new thing, they're just doing a more thorough job.

I'm not trying to be a TSA apologist, I'm just trying to keep things in proportion. The whole airport ritual is absurdist security theater worthy of ridicule by Franz Kafka. That they could say "I'm sorry sir, but that's too much toothpaste" is an illustration that it's a human computer with a rather inelegant program. They've got Eric Schmidt's vision backwards. He says "Computers will clearly handle the things we aren’t good at, and we will handle the things computers clearly aren’t good at." But the TSA has humans implementing strict sets of rules (which computers are great at) and not making judgement calls about social situations (which computers are bad at).

I hope this episode will generate enough momentum to change the American approach to airport screening so that it's both more efficient and more secure. But it feels more like a hangover from all the tea partying, which quickly went from "Giving billions of dollars to major banks is unjust!" to "Let's bring a Republican majority back to Washington!"

DIA has over twice as many metal detectors as imaging scanners, so it should be possible to pick which screening technology you get. I might ask for a grope, just to see how intimate it really is.
flwyd: (bad decision dinosaur)
Facebook announced this week that when you visit Pandora for the first time, they'll hand over all of your friend information so Pandora can set up your station with music your friends like. This is the sort of "What were they thinking!?!" news I hear about Facebook every six months or so. The frequency of such moments is the main reason I don't have an account on Facebook. For the most part, Facebook's march toward making all your social information public wouldn't be a big deal if it had started that way. Nobody gets upset about Twitter followers or LiveJournal friends being public because they've always been that way. But when people provide information on the assumption it's private and then all of a sudden it's public, they tend to feel betrayed.

TechCrunch included a screen shot of my Buzz post referencing that link in an article about Google engineers concerned about Facebook privacy. I don't know if they also write stories about Microsoft employees blogging about iPhones or Qwest employees tweeting about their Sprint service or Subway employees declaring the Double Down is gross.

On the other hand, Facebook made some positive announcements at f8 (is their conference really pronounced "fate?"). With Open Graph, you'll be able to build a social network out of pieces that aren't all housed in one place. So if you decide you don't like Facebook, you can move to a different site, but people can still "friend you." And you can add a little HTML to your blog and then someone can "like" it on Facebook or any other site supporting Open Graph.

The following is a Slashdot comment I posted in response to the assertion
once something hits the internet it's out there, no privacy promise by a huge corporation is going to protect it.

BS. People send millions upon millions of email messages a day and have a reasonable expectation that their email providers and any SMTP hops along the way are going to keep them private. If a webmail provider suddenly decided that everyone's email address and all the addresses of all their contacts were to be public (unless you opt out), that would rightly be perceived as bad behavior and a violation of users' sensible assumptions. The path of least resistance opt-in flow for Google Buzz had the end result of publicly listing the names of some of folks' frequent contacts (who'd also opted in). It created a big uproar and Google quickly changed the wording to make it clearer what would be public and how to keep it private.

I access my banking records through the Internet on a regular basis. I use this convenient system instead of paper and phone calls precisely because I trust the privacy promise provided by my bank. A bank that suddenly decided to make everyone's financial information available to the world on the web by default would quickly lose a lot of customers and get a big fine from the regulators. I don't think we need a Federal Department of Regulating Facebook, but I do think we have a right to expect companies to stick to their privacy promises and suffer customer-based consequences if they fail to live up to them.

One thing The Cloud can do better is give users control of their data. Google's Data Liberation Front is a good model: If a user decides they don't want to use a cloud provider's services for whatever reason, it should be easy to get all their data out of that company's control and import it into a different cloud provider (if desired). Take it a step further: As a user of service A, I should be able to select certain information to share privately with my friend who uses service B. Like telephone companies and the post office, the service providers should transmit and present that information, but they should have no option to change the parties who can see it.

Caveat: Court orders and other legal actions can force a provider to reveal private information without the approval of that information's owner. This is true of banks, cloud providers, and internal IT departments. So yes, if you're planning an elaborate murder scheme on the Internet, don't assume it will only be seen by your co-conspirators. But if you're closeted at work and out to your friends, you have a right to expect your social network won't suddenly decide to make "Orientation: Gay" the first thing people see when they Google your name.
flwyd: (daemon tux hexley)
With Panopticlick, the EFF is pointing out how websites could track you even if you don't have cookies enabled. If JavaScript is enabled, website authors can figure out things like your set of plugins and fonts. But when I visited with NoScript enabled, my browser fingerprint was unique among the first 425,722 seen. I guess of the 35 visitors running Firefox 3.6 on MacOS X 10.6, I'm the only one with JavaScript disabled. Heck, I even had one collision using lynx!

Unlike supermarket loyalty cards, it's a lot harder to trade web browsers with a stranger to throw the trackers for a loop.
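
The effect described above, where turning JavaScript off made the browser stand out rather than blend in, shown as an added example that is not part of the original post: it counts how many visitors share each fingerprint and converts that anonymity set size to bits of identifying information. The visitor sample, attribute values and counts are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample: each tuple is what a server could observe from one
# visitor without cookies (browser/OS from the User-Agent header, whether
# JavaScript ran, and a plugin list readable only when JavaScript is enabled).
VISITORS = (
    [("Firefox 3.6 / Mac OS X 10.6", True, "flash,quicktime")] * 20
    + [("Firefox 3.6 / Mac OS X 10.6", True, "flash,quicktime,java")] * 14
    + [("Firefox 3.6 / Mac OS X 10.6", False, None)] * 1
    + [("IE 8 / Windows XP", True, "flash")] * 900
    + [("IE 8 / Windows XP", False, None)] * 65
)


def surprisal_bits(count, total):
    """Identifying information, in bits, of a fingerprint seen `count` times."""
    return math.log2(total / count)


def anonymity_report(visitors):
    """Map each distinct fingerprint to (anonymity set size, bits)."""
    total = len(visitors)
    counts = Counter(visitors)
    return {fp: (n, surprisal_bits(n, total)) for fp, n in counts.items()}


def unique_fingerprints(visitors):
    """Fingerprints shared with nobody else: re-identifiable without a cookie."""
    return [fp for fp, (n, _) in anonymity_report(visitors).items() if n == 1]


if __name__ == "__main__":
    report = anonymity_report(VISITORS)
    for fp, (n, bits) in sorted(report.items(), key=lambda kv: kv[1][0]):
        print(f"{n:4d} visitors  {bits:5.2f} bits  {fp}")
    # Being unique among the 425,722 browsers mentioned in the post means the
    # fingerprint carries at least log2(425722) bits.
    print(f"{surprisal_bits(1, 425722):.2f} bits")
```

The rarest setting dominates: in this sample the lone JavaScript-disabled Firefox user is the only visitor with an anonymity set of one, even though that fingerprint exposes the fewest attributes.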


Monday, December 15th, 2008 10:44 pm
flwyd: (dogcow moof!)
Even though I've been on the Internet for more than half my life and on the web for three quarters of its, I have some significant new tech and Web 2.0 luddite streaks. I don't have a cell phone, for instance, though that's as much because I don't want to pay lots of money to deal with the phone company's shenanigans as it is because I don't want to use the phone when I'm taking a hike.

I'm not on MySpace for pretty simple reasons: The site looks like all the amateur web designers from 1996 threw a huge party, got smashing drunk, and threw up all over my web browser. It's like Geocities got a whole bunch of money for a class reunion but still held it in the school gym. I may not be gung ho for every new netfad, but I have no nostalgia for mid-90s web design.

Facebook is another Web 2.0 phenomenon I haven't participated in, much to mollybzz's distance scrabble dismay. The site has struck me as a lot more professional than MySpace and it's probably got more of my friends from the past as users. But a few things bug me about Facebook:
  • People's profiles are mostly private by default. I've occasionally googled a name and found a completely uninformative Facebook page. At least a visit to MySpace can tell you if you've got the right person. As a non-impulsive consumer, I like to have a sense of a product or service before I sign up. For instance, I get the sense that a lot of Facebook posts aren't very insightful, but it's possible people I know put more thought into their content. But the site doesn't make it easy for me to figure that out.
  • As a result, most of what I know about Facebook is by reputation. And it hasn't done a very good job of maintaining that.
  • Nine months ago or so, all I knew about Facebook was that you could play Scrabble and you got lots of random undesired bits of marketing thrown in your face. I think that was when they were trying their "Broadcast to everyone what you just bought on Amazon even if it's How To Deal With A Venereal Disease or a present you were going to surprise your girlfriend with." Signing up for in-your-face advertising didn't sound fun.
  • I hear they realized the error of their ways on that one and made it opt-in. I also heard Facebook played an important role in getting people excited about and involved with the Obama campaign. So that's good and sociologically interesting, at least.
  • But even with in-your-face ads and automatic broadcasting of private activities gone, I'm not particularly excited about their approach to privacy. When you sign up, they ask for your passwords to web mail and instant messenger services. They then proceed to spam the people in your address book. (I hear you get to select who gets spammed, but it's still very impersonal spam.) Even if Facebook's address book combing is implemented perfectly and hasn't ever had a security breach, telling random Internet users that it's okay to give your password to third parties is bad virtual citizenship. If, when you joined a gym, somebody said "Can I have the keys to your house so I can look through your rolodex and phone all your friends," most people would say "Are you crazy?" But the majority intuition about cybersafety isn't very acute yet, so major players on the web have a duty to foster (or at least not undermine) good habits of online behavior.
  • This evening, I received an automatic Facebook invite (subject: "Check out my Facebook profile") from someone I know a little. I'm not a very popular person, so this is like my third ever. No biggie. Then within the course of three hours I got four messages from Facebook with the subject "XYZ has added you as a friend on Facebook..." Huh? Did Facebook broadcast who had found me in their address book? These messages give a very odd sense of privacy invasion and I haven't even given them any yet. Is Facebook going to be this annoying when I'm an actual user? Why would I sign up for that?
In Facebook's defense, I've gotten more annoying messages from other Web 2.0 sites. Somebody I'd had a brief argument with on a Dragonfest mailing list added me to her combination-blog-and-mass-mail site so I got a bunch of essays written by someone I didn't find interesting on topics I didn't care about. And some kid in Utah signed up for MySpace with my GMail address (which had not yet appeared in spiderable locations), so I got a bunch of unsolicited friend requests from sketchy groups. Something similar happened with some high school sports website, so I periodically got mail inviting me to vote in polls about Friday night football and stuff.

Am I wrong about Facebook? Is it totally awesome and it's just got a misleading representation? Would it provide significant value to someone like me? I've already got a blog and a website. I'm the first hit on Google for "Trevor Stone" and I'm on the first page for "trevor new vista boulder," so anyone who really wants to find me can do so easily. I don't feel the need to share the minutiae of my life (do you really care that I ate leftover curry bratwurst tonight?), and when I have something substantial to say I tend to spend half an hour writing a post. So other than distance Scrabble, why is Facebook popular?

New Public Key

Friday, October 19th, 2007 11:41 pm
flwyd: (daemon tux hexley)
I set up a GPG public key in February, but realized tonight that since I haven't used it in eight months I have no idea what the passphrase is. My mind went back to some ideas I came up with at the time, but none were winners. Since nobody's ever sent me any encrypted mail, I threw the old key away and made a new one. Feel free to send me any email, trivial or super-secret, using this key.

Congress and the White House want to give retroactive immunity to telecom companies which break the law and divulge your personal communications. If all mail you send is encrypted, the NSA can't assume that it's important just because it's encrypted.

My public key is also on my website: http://trevorstone.org/publickey.html
If you ever note a discrepancy in public keys or want to be sure you have the right key, contact me personally, verify my identity, and get my digital fingerprint.

Version: GnuPG v1.4.6 (Darwin)


Page generated Wednesday, October 18th, 2017 06:32 pm