Identity Blogger

Counter argument on cyber-security

July 6, 2009

This is an interesting article by Evgeny Morozov that posits a counter argument on cyber-security. The gist is that the cyber-warfare drums are being beaten by those with much to gain from investment in cyber-warfare capability:

The age of cyber-warfare has arrived. That, at any rate, is the message we are now hearing from a broad range of journalists, policy analysts, and government officials. Introducing a comprehensive White House report on cyber-security released at the end of May, President Obama called cyber-security “one of the most serious economic and national security challenges we face as a nation.” His words echo a flurry of gloomy think-tank reports. The Defense Science Board, a federal advisory group, recently warned that “cyber-warfare is here to stay,” and that it will “encompass not only military attacks but also civilian commercial systems.” And “Securing Cyberspace for the 44th President,” prepared by the Center for Strategic and International Studies, suggests that cyber-security is as great a concern as “weapons of mass destruction or global jihad.”

Unfortunately, these reports are usually richer in vivid metaphor—with fears of “digital Pearl Harbors” and “cyber-Katrinas”—than in factual foundation.

While the author makes some good points, there are some disturbing phrases such as this one (emphasis added):

Much of the cyber-security problem, then, seems to be exaggerated: the economy is not about to be brought down, data and networks can be secured, and terrorists do not have the upper hand. But what about genuine cyber-warfare? The cyber-attacks on Estonia in April-May 2007 (triggered by squabbling between Tallinn and Moscow over the relocation of a Soviet-era monument) and the cyber-dimension of the August 2008 war between Russia and Georgia have reignited older debates about how cyber-attacks could be used by and against governments.

I find it interesting that the Russian invasion of Georgia would be described in such terms. It says a lot really.

The article is worth reading and we should be careful not to get carried away by the hype. Skepticism is always warranted. But I feel the complacency suggested by the author is unwise. The time to prepare defenses is when there is not an immediate danger. For when there is one, it may be too late.

The genie is out of the bottle. Cyber-warfare will happen to someone. To not prepare for it is to invite it to happen to us.

Categories: Cyber-warfare · Security

Craftsman OpenID

July 1, 2009

This is interesting. Sears (and Kmart) web pages now support OpenID for consumer authentication (as a relying party). I just gave it a spin on the Sears web site and it worked quite nicely with my Yahoo OpenID. When reauthenticating it remembers that I used my Yahoo OpenID last time and gives me that as a choice.

This is a really good application of OpenID. It gives me quick and easy access to consumer information without having to fill out yet another registration form.

The only downside was that it required me to pick a unique screen name. I would have preferred it to give me the option to use my Yahoo OpenID as my screen name.

Other than that, it’s nicely done.

Categories: Authentication · Identity · OpenID · Standards

Drive by diagnosis

July 1, 2009

Here is a disturbing idea from Cisco:

Chambers and Chief Demonstration Officer Jim Grubb showed off a camera from FLIR Thermal Infrared Camera Systems that can measure people’s body temperatures. If these cameras were installed at tollbooths to examine drivers, and networked with other such sensors, they could build a picture of how many people in an area had fevers that might indicate a disease such as the flu, he said.

Note that this data could be correlated with the transponder IDs to determine not only how many people have a fever but which specific individuals likely do. Although the intentions may be benign, this is an unacceptable violation of privacy.

Just because I take a toll road does not mean I am giving the government the consent for a remote medical exam.

Categories: Privacy · Surveillance

Death of a Salesman

July 1, 2009

Billy Mays has passed away. I understand he lived not too far from me, in Palm Harbor, FL.

In many ways Billy Mays is the antithesis of Willy Loman. Billy Mays was a hero of the American Dream, not a symbol of its failure as was Arthur Miller’s salesman. He showed that you could reach great heights by doing one single thing well and doing it with gusto.

I hope he is hawking some truly heavenly products now.

Categories: Freedom

SaaS provisioning

June 30, 2009

Jackson Shaw makes the point that the last thing most enterprises need is to take on provisioning of their SaaS identities while they are still struggling with their internal identities:

We have a standard called “Services Provisioning Markup Language” (SPML) which was specified to help provision identities via a web service. Does your SaaS vendor support that standard? I’ll bet they do not! What do you do then? I’ve met with hundreds of customers over the years and many are still struggling with provisioning inside the enterprise! Throw in SaaS provisioning – via some hairbrained interface because the vendor doesn’t support SPML – and it only adds to the organization’s identity management complexity.

Of course having an SPML capability in a SaaS is not going to be much help if the enterprise doesn’t have a provisioning system in place with SPML support. SPML support is not widely available in provisioning systems (although there are a few that have it out of the box).

Ashraf Motiwala echoes the point and adds that enterprises are going to want to leverage not only their internal provisioning systems but also their workflow and role management systems:

Recreating a workflow engine, role management, delegation, etc. in the cloud seems to just create redundancy for these capabilities, especially for organizations that have already dropped a few dollars to deploy an IdM solution on premise. Why would I drop my existing investment here? (Perhaps there is a compelling case, but I just don’t see it.) I would much rather find a solution that proxies the SPML requests from my existing provisioning solution that handles all the complexities (or “hairbrained interfaces”) for the SaaS apps on the backend!

The upshot is that SaaS vendors should be rolling out SPML interfaces to their services. But just like the traditional enterprise software vendors, they most likely won’t do it until customers demand it. Until it becomes a selection criterion, it probably won’t happen.
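The proxy architecture Motiwala describes above, an on-premise provisioning system speaking SPML to an adapter that hides each SaaS vendor’s own interface, as an added example that is not code from this post or from either author quoted: a small Python adapter that accepts an SPML 1.0 style addRequest or deleteRequest, forwards only allow-listed attributes to a hypothetical SaaS account API (an in-memory stand-in here so it runs offline), and answers with an SPML response. The message shape, the ATTRIBUTE_MAP, the SaaSClient class and the sample requests are assumptions made for the example.

```python
"""Added example: SPML 1.0 -> SaaS provisioning adapter (not from the page).

Assumed: requests use the SPML 1.0 wire shape (addRequest/deleteRequest with an
<identifier> and DSMLv2 <attr> elements); SaaSClient stands in for a vendor API."""
import xml.etree.ElementTree as ET

SPML = "urn:oasis:names:tc:SPML:1:0"
DSML = "urn:oasis:names:tc:DSML:2:0:core"
NS = {"spml": SPML, "dsml": DSML}
SUCCESS = SPML + "#success"
FAILURE = SPML + "#failure"
ET.register_namespace("spml", SPML)

# Allow-list: only these directory attributes reach the SaaS, under the vendor's
# (assumed) field names. Unmapped fields in a request are dropped, not forwarded.
ATTRIBUTE_MAP = {"givenName": "first_name", "sn": "last_name", "mail": "email"}

# Constructed sample requests (not real traffic); "isAdmin" is deliberately unmapped.
SAMPLE_ADD = """<spml:addRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core" requestID="req-1">
  <spml:identifier type="urn:oasis:names:tc:SPML:1:0#GenericString">
    <spml:id>jdoe</spml:id>
  </spml:identifier>
  <spml:attributes>
    <dsml:attr name="givenName"><dsml:value>Jane</dsml:value></dsml:attr>
    <dsml:attr name="sn"><dsml:value>Doe</dsml:value></dsml:attr>
    <dsml:attr name="mail"><dsml:value>jdoe@example.com</dsml:value></dsml:attr>
    <dsml:attr name="isAdmin"><dsml:value>true</dsml:value></dsml:attr>
  </spml:attributes>
</spml:addRequest>"""
SAMPLE_DELETE = """<spml:deleteRequest xmlns:spml="urn:oasis:names:tc:SPML:1:0" requestID="req-2">
  <spml:identifier type="urn:oasis:names:tc:SPML:1:0#GenericString">
    <spml:id>jdoe</spml:id>
  </spml:identifier>
</spml:deleteRequest>"""


class SaaSClient:
    """In-memory stand-in for the vendor's hypothetical account API."""

    def __init__(self):
        self.accounts = {}

    def create_user(self, user_id, payload):
        if user_id in self.accounts:
            raise ValueError("account already exists: " + user_id)
        self.accounts[user_id] = dict(payload)

    def delete_user(self, user_id):
        if user_id not in self.accounts:
            raise KeyError("no such account: " + user_id)
        del self.accounts[user_id]


def _identifier(root):
    id_elem = root.find("spml:identifier/spml:id", NS)
    if id_elem is None or not (id_elem.text or "").strip():
        raise ValueError("request carries no identifier")
    return id_elem.text.strip()


def _payload(root):
    """Map DSML attrs to the SaaS payload; return (payload, names of dropped attrs)."""
    payload, dropped = {}, []
    for attr in root.findall("spml:attributes/dsml:attr", NS):
        name = attr.get("name")
        values = [v.text.strip() for v in attr.findall("dsml:value", NS) if v.text]
        if name in ATTRIBUTE_MAP and values:
            payload[ATTRIBUTE_MAP[name]] = values[0]
        else:
            dropped.append(name)
    return payload, dropped


def _response(tag, result, user_id, error=None):
    """Build an SPML-style response element and serialise it."""
    resp = ET.Element("{%s}%s" % (SPML, tag), result=result)
    ident = ET.SubElement(resp, "{%s}identifier" % SPML, type=SPML + "#GenericString")
    ET.SubElement(ident, "{%s}id" % SPML).text = user_id
    if error:
        ET.SubElement(resp, "{%s}errorMessage" % SPML).text = error
    return ET.tostring(resp, encoding="unicode")


def handle_spml(xml_text, client):
    """Proxy one SPML request to the SaaS client; return (response XML, dropped attrs)."""
    root = ET.fromstring(xml_text)  # stdlib parser keeps the example dependency-free
    if not root.tag.startswith("{%s}" % SPML):
        return _response("response", FAILURE, "", "not an SPML 1.0 request"), []
    op = root.tag.split("}")[1]
    resp_tag = op.replace("Request", "Response")
    user_id, dropped = "", []
    try:
        user_id = _identifier(root)
        if op == "addRequest":
            payload, dropped = _payload(root)
            client.create_user(user_id, payload)
        elif op == "deleteRequest":
            client.delete_user(user_id)
        else:
            raise ValueError("unsupported operation: " + op)
        return _response(resp_tag, SUCCESS, user_id), dropped
    except (ValueError, KeyError) as exc:
        return _response(resp_tag, FAILURE, user_id, str(exc)), dropped


if __name__ == "__main__":
    saas = SaaSClient()
    print(handle_spml(SAMPLE_ADD, saas))
    print(handle_spml(SAMPLE_DELETE, saas))
```

Running the file shows the add succeeding with the unmapped isAdmin attribute reported as dropped, and the delete succeeding afterwards; repeating either request yields a failure response with the vendor's error carried in the SPML reply. The adapter is the one place the enterprise controls what its internal provisioning system may push into the vendor and gets a uniform success or failure answer back, whatever the vendor's own interface looks like.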

Categories: Identity · Identity Management · Provisioning · SPML · SaaS

Keeping the world safe from comic books

June 29, 2009

Can the TSA really detain someone just for carrying a manuscript? Apparently so:

Sable wrote of his experiences: ‘Flying from Los Angeles to New York for a signing at Jim Hanley’s Universe Wednesday (May 13th), I was flagged at the gate for ‘extra screening’. I was subjected to not one, but two invasive searches of my person and belongings. TSA agents then ‘discovered’ the script for Unthinkable #3. They sat and read the script while I stood there, without any personal items, identification or ticket, which had all been confiscated.’

‘The minute I saw the faces of the agents, I knew I was in trouble. The first page of the Unthinkable script mentioned 9/11, terror plots, and the fact that the (fictional) world had become a police state. The TSA agents then proceeded to interrogate me, having a hard time understanding that a comic book could be about anything other than superheroes, let alone that anyone actually wrote scripts for comics.’

Yeah, this is really helping.

Categories: Freedom · Security

Knife fight

June 26, 2009

As surely as night follows day, when you give petty bureaucrats the authority to regulate something they will inevitably try to expand their powers and ban more things. The Obama administration wants to ban more kinds of knives:

Hunters, whittlers and Boy Scouts, beware – your knives may soon be on the government’s chopping block.

The Obama administration wants to expand the 50-year-old ban on importing “switchblades” to include folding knives that can be opened with one hand, stirring fears the government may be on the path to outlawing most pocket knives.

Critics, including U.S. knife manufacturers and collectors, the National Rifle Association, sportsmen’s groups and a bipartisan group of lawmakers on Capitol Hill, say the rule change proposed by Customs and Border Protection (CBP) would rewrite U.S. law defining what constitutes a switchblade and potentially make de facto criminals of the estimated 35 million Americans who use folding knives.

“Boy Scout knives, Swiss Army knives – the most basic of knives can be opened one-handed if you know what you are doing,” said Doug Ritter, executive director of Knife Rights, an advocacy group fighting to defeat the measure.

“The outrage is gaining steam,” he said.

This is a silly and pointless fight to take on. Banning more types of knives will not increase public safety. In fact there is really no justification for banning traditional switchblades. If anything we should be getting rid of these knife regulations, not expanding them.

I teach knife safety for both Cub Scouts and Boy Scouts. Any knife can be dangerous when not wielded safely. How it opens is irrelevant except for the consideration that the harder a knife is to open or close the more likely you are to hurt yourself with it.

Categories: Freedom

Privacy Salience

June 26, 2009

This is an interesting story about a study of the economics of privacy in social networking:

The most interesting story we found though was how sites consistently hid any mention of privacy, until we visited the privacy policies where they provided paid privacy seals and strong reassurances about how important privacy is. We developed a novel economic explanation for this: sites appear to craft two different messages for two different populations. Most users care about privacy but don’t think about it in day-to-day life. Sites take care to avoid mentioning privacy to them, because even mentioning privacy positively will cause them to be more cautious about sharing data. This phenomenon is known as “privacy salience” and it makes sites tread very carefully around privacy, because users must be comfortable sharing data for the site to be fun. Instead of mentioning privacy, new users are shown a huge sample of other users posting fun pictures, which encourages them to share as well. For privacy fundamentalists who go looking for privacy by reading the privacy policy, though, it is important to drum up privacy re-assurance.

Personally, social networking sites concern me less from a privacy standpoint than the government and financial institutions do. I follow the rule that sites can’t disclose what they don’t know. I simply won’t voluntarily give any site personal information that I want kept private. If they ask for it, I just make stuff up. Unfortunately that is usually not an option when dealing with financial or government institutions.

I guess that makes me a privacy fundamentalist.

Categories: Privacy · Security

The FTC has too much time on their hands

June 24, 2009

Apparently the FTC has too much time on their hands according to this AP article:

Savvy consumers often go online for independent consumer reviews of products and services, scouring through comments from everyday Joes and Janes to help them find a gem or shun a lemon.

What some fail to realize, though, is that such reviews can be tainted: Many bloggers have accepted perks such as free laptops, trips to Europe, $500 gift cards or even thousands of dollars for a 200-word post. Bloggers vary in how they disclose such freebies, if they do so at all.

The practice has grown to the degree that the Federal Trade Commission is paying attention. New guidelines, expected to be approved late this summer with possible modifications, would clarify that the agency can go after bloggers — as well as the companies that compensate them — for any false claims or failure to disclose conflicts of interest.

It would be the first time the FTC tries to patrol systematically what bloggers say and do online. The common practice of posting a graphical ad or a link to an online retailer — and getting commissions for any sales from it — would be enough to trigger oversight.

So if Kim Cameron praises CardSpace in his blog, does that trigger an FTC inquiry? I mean, we all know he works for Microsoft, but does he have to put a disclaimer in each posting? Or is once on the main page enough?

What makes this all the more silly is that tonight ABC will run an hour-long infomercial for Obama’s nationalized health care, the cost of which the administration estimates to be more than 1.5 trillion dollars (and we all know it will never be that cheap). How come the FTC isn’t investigating that?

Oh wait, I forgot who runs the FTC now.

Categories: Media · Skeptic

Dude, where’s my scan?

June 23, 2009

Apparently the CLEAR program is defunct. As with any identity effort, this raises the question of what happens to the data, especially biometric data, if the service provider goes out of business.

Kevin Kampman wants to know what happens to his data:

I am not surprised by CLEAR’s failure, but it raises other serious questions: Who gets custody of the background data that’s been collected over the life of the program? Will that data be archived or destroyed? Will another company or agency take over? (CLEAR’s privacy policy doesn’t seem to directly address the issue of what a successor entity can and can’t do with the data that’s been collected). Finally, what are TSA’s plans for this contingency? The TSA website currently doesn’t say anything about CLEAR’s termination.

Jackson Shaw wants to know what happened to his scans:

Now my question is: What happens to those digital fingerprints and retinal scans they took? Checking their privacy policy reveals this interesting tidbit:

…a copy of your biometric information (but not your name) is retained by the Transportation Security Clearinghouse to prevent fraudulent enrollments under alternate identities.

So, the TSA has my biometric information but not my name in order to prevent fraudulent enrollments under alternate identities? Hmmm, does that mean that the TSA has my biometric information but not my name but does have my social security number? Otherwise, how would they prevent fraudulent enrollments?

Yet one more reason not to use biometric authentication.

Categories: Authentication · Biometric · Identity · Privacy · Security