Yes we can (improve the security of our e-communications)

Posted in Computing, Education, Politics, Science on November 30th, 2008

You must protect yourself from those evil marketing rays
There’ve been various mutterings about the fact that Obama may have to give up his electronic communications tools like e-mail and his Blackberry due to both security and transparency concerns. However, as Summatus Mentis points out:

You know what this means right? It means that there are 14 year olds that are more connected than our president is currently.

Not to mention 8 and 10 year olds.

Yup, this whole no-e-mail thing seems pretty messed up. You’d think that the full resources of the United States ought to be able to do better than sending the poor fellow into the IT stone age as his reward for being elected to the highest office in the land. What I’d really rather see is some of that “Yes we can” attitude applied to this problem, both because I think it makes sense for the way that Obama works and because it has the potential to improve the security and sensibility of everyone’s IT usage.

At the moment, for example, most people’s use of e-mail is pretty haphazard and insecure. Almost no one is using digital signatures, so forging e-mail is all too easy, which then makes certain kinds of phishing scams far easier to perpetrate. Widespread use of a proper signature system would in fact make large quantities of e-mail spam trivial to identify, as messages that didn’t bear a certified signature could be discarded without further consideration. Similarly, there are quality (if greatly underused) tools that allow us to encrypt important e-mails in such a way that they can’t be (easily) read by anyone other than the intended recipient.

What better opportunity, then, to do better?

A politician (including a President) has many important roles, and one of those is to help inform and educate the public on matters of significance. And this isn’t a matter of elitism, it’s a simple matter of access to resources. There are lots of things that I recognize are probably “important”, but don’t have the time or resources to become expert on. One would presume that if the President labeled something as “important” whole staffs could pop into existence to study the issue, generate summary reports and recommendations, etc.

Here, then, we have a chance for Obama to say that he doesn’t want to lose his electronic tools, and bring the scientific and technological resources to bear to secure and archive those transactions as required by his office. The process itself should be transparent, as the best security is obtained through transparent use of high-quality algorithms and tools, which then means that many of the benefits of this analysis and research can be shared more widely. If, for example, the President started using digital signatures on his public messages, you can bet that all the hip kids (i.e., the people that will be running the world in 10 years) would be installing the software needed to check those signatures at warp factor 9. Then they’d start signing their messages, and the snowball would be off down the mountainside.

These sorts of technologies depend heavily on a perceived use — people aren’t going to adopt X until they perceive that enough other people are using X to make it worth their while. As a small fry, I can adopt all I want and rant ’til I’m blue, but I don’t have the necessary weight to pull much of anyone along with me. Obama, on the other hand, can have a profound influence through fairly simple actions.

This could also open up a wonderful public discussion of security in general, which impacts everything from Facebook to ATM PINs to electronic voting machines, things that are woven deep into the fabric of our social, economic, and political lives. Things that matter, but which we take for granted or ignore.

So now’s the time — likely the best time ever — to move us all forward instead of holding our newly elected President back.

Yes we can.


Dead people scare me, so it’s nice to know that Saddam is still on the Terrorist Watch List

Posted in Politics, Travels on August 17th, 2008

Yellow Shadow
Creative Commons License photo credit: PieterMusterd
As most anyone who’s flown much in the last few years can attest, the existing TSA airport security system frequently borders on the ludicrous. I know I’m more comfortable in the air knowing that 7-year-old John Anderson (of Minneapolis) is on the national Terrorist Watch List, and his parents have to “check in at the ticket counter so an airline official can see that he’s a child”.

If you’re looking for an opportunity to be even further depressed on this issue, I definitely recommend the ACLU’s short “national security quiz”. It’s really nice to know that “The U.S. government can seize your laptop, cell phone or PDA as you enter the U.S. and download all your private information—all without a warrant or probable cause” ’cause we are the Home of the Free and the Beacon for Democracy or some such. It’s also reassuring to learn that there are over 1 million people on the national Terrorist Watch List (which is then reduced to little more than a massive fishing expedition), and that includes a number of high profile dead people.

‘Cause dead people are so scary when they fly…

Man, oh, man, what a boondoggle. Absolutely enormous amounts of money and energy being expended, little of which actually does anything to make us more secure.

Another proud resume item for Our Fearless Leader. And another reason to be grateful that his fiasco of a presidency will end soon.


Randomoid stuff from the tubes of the Intarweb

Posted in Computing, General on January 14th, 2008

Magnifier and weird stuffed animals

While I realize that this is little more than incoherent link propagation (unlike my normally focussed prose-o-wonderment), hopefully pulling some of this fluff from the mighty tubes that connect us all will help clarify our various connections and communications.

A couple that our amazing progeny sent my way:

I’m not sure where I got this pointer from, but Bruce Schneier is exhorting people to “Steal This Wi-Fi” over on Wired. In a world where people expend tons of energy securing their wireless networks (and ISPs often require it of their customers), one of our major security experts chooses to keep his home wireless open. “To me, it’s basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea.”

And in a vaguely related piece on security, a post from John Naughton on the dangers of publishing your bank details. Jeremy Clarkson, arch-conservative, petrol head, and (much to my dismay) highly amusing Top Gear presenter decided that the woo-haa was way overblown regarding the recent loss by British government officials of financial details of millions of people. So he published his bank details in his Sun column. According to the BBC, however, “Clarkson admitted he was ‘wrong’ after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.” Oops.

Well, my tubes are definitely clearer. Thanks for the Q-tip.


Loose lips (still) sink ships

Posted in Computing, Education, Politics on November 21st, 2007

Frozen Solid Security Monkey by Monkey River Town

I suspect many of our readers will already have seen something about this, but just in case it hasn’t gotten a lot of U.S. press, Chancellor Alistair Darling (a very high ranking member of the British government) announced today in the House of Commons that 2 discs (CDs or DVDs - I’m not sure) were lost that contained highly confidential information for 25 Million Individuals. This data included names, dates of birth, insurance numbers, and (in some cases) bank account details — essentially all the toys you’d need to execute identity theft and fraud on a massive scale. The kind of stuff that an organized crime outfit would probably pay mucho top dollar for.

And the data was unencrypted.

Yup.

Unencrypted.

Makes you want to cry.

(In fairness, the discs were “password protected”, but no one seems clear on what that actually means. Given that most password systems for discs and files are child’s play to get through, without solid encryption on the other end “password protected” doesn’t offer much comfort.)

Unfortunately, as several of the talking heads pointed out, this is at some level inevitable as governments, corporations, and educational institutions move to larger and more centralized databases. Consider, for example, last year’s leak of the search histories of half a million AOL users.

The U of M at least tries to take these things seriously, but they don’t always get the stick by the right end. There’s a lot of noise, for example, about whether faculty like myself should be able to hold confidential student data (including things like homework grades) on our office computers or (far worse) on laptops or home computers. This is partly a security concern (stolen laptops are always a risk, who knows how well I’ve configured and updated my computers), and partly a data protection concern (how often do I actually back up my data). If they seriously go down this road, however, then one consequence is that all this grade data for the entire University is in one place. At the moment, if my computer gets lost or destroyed or stolen, there’s not much exposure. It would be painful and unpleasant for me and several dozen students, but the ripples would stop pretty quickly. If all that data is centralized, however, then the risk is arguably much greater, especially if it’s not managed well.

In reality, I’m not their real problem. I just don’t have access (and rightly so) to enough data to mess up very many people’s lives. There are admin and support staff, however, that have access to enormous amounts of sensitive information. Are they able to burn a couple of DVDs full of the stuff? Probably (but hopefully not easily). Are they trained on why that would be a really dumb idea? I think so.

But then I would have thought that staff at Revenue and Customs over here would have had that sort of training.

And apparently I would have been wrong.

Thanks to the fine folks at MonkeyRiverTown for the great photo.
