tech in changing society

FBI used OnStar for surveillance

From Charles R. Smith’s “Big Brother on Board: OnStar Bugging Your Car”:

GM cars equipped with OnStar are supposed to be the leading edge of safety and technology. …

However, buried deep inside the OnStar system is a feature few suspected – the ability to eavesdrop on unsuspecting motorists.

The FBI found out about this passive listening feature and promptly served OnStar with a court order forcing the company to give it access. The court order the FBI gave OnStar was not something out of the Patriot Act involving international terrorism or national security but a simple criminal case.

According to court records, OnStar complied with the order but filed a protest lawsuit against the FBI.

Yet the FBI was able to enforce the original legal order and completed its surveillance because OnStar’s lawsuit took nearly two years to pass through the court system.

The 9th Circuit Court of Appeals recently ruled in OnStar’s favor. The ruling was not based on invasion-of-privacy grounds or some other legitimate constitutional basis. The FBI lost because the OnStar passive listening feature disables the emergency signal, the very life-saving call for help that the advertisements tout as the main reason to purchase the system. …

The technical problem of blocking the emergency signal is clearly one that the FBI tech teams can overcome. Thus, under the current ruling, the FBI can resume using OnStar to monitor subject vehicles once it has solved the emergency issue.


PATRIOT Act greatly expands what a ‘financial institution’ is

From Bruce Schneier’s “News” (Crypto-Gram Newsletter: 15 January 2004):

Last month Bush snuck into law one of the provisions of the failed PATRIOT ACT 2. The FBI can now obtain records from financial institutions without requiring permission from a judge. The institution can’t tell the target person that his records were taken by the FBI. And the term “financial institution” has been expanded to include insurance companies, travel agencies, real estate agents, stockbrokers, the U.S. Postal Service, jewelry stores, casinos, and car dealerships.


Camouflaged weapons

From Noah Shachtman’s “Chameleon Weapons Defy Detection” (Defense Tech: 27 March 2006):

Last week I talked to Anthony Taylor, managing partner of an outfit which makes weapons which can be hidden in plain sight. You can be looking right at one without realizing what it is.

One type is the exact size and shape of a credit card, except that two of the edges are lethally sharp. It’s made of G10 laminate, an ultra-hard material normally employed for circuit boards. You need a diamond file to get an edge on it.

Taylor suggests that the card could easily be camouflaged as an ID card or one of the many other bits of plastic that clutter up the average wallet. Each weapon is individually handmade so they can be tailored to the user’s requirements.

Another configuration is a stabbing weapon which is indistinguishable from a pen. This one is made from melamine fiber, and can sit snugly inside a Bic casing. You would only find out it was not the real thing if you tried to write with it. It’s sharpened with a blade edge at the tip which Defense Review describes as “scary sharp.” …

According to one gun magazine, the CIA has had a ceramic handgun firing caseless non-metallic ammo for years.


It’s alright to fail at a startup when you’re young

From Paul Graham’s “Hiring is Obsolete” (May 2005):

The math is brutal. While perhaps 9 out of 10 startups fail, the one that succeeds will pay the founders more than 10 times what they would have made in an ordinary job. That’s the sense in which startups pay better “on average.”

Remember that. If you start a startup, you’ll probably fail. Most startups fail. It’s the nature of the business. But it’s not necessarily a mistake to try something that has a 90% chance of failing, if you can afford the risk. Failing at 40, when you have a family to support, could be serious. But if you fail at 22, so what? If you try to start a startup right out of college and it tanks, you’ll end up at 23 broke and a lot smarter. Which, if you think about it, is roughly what you hope to get from a graduate program.


Why big co’s are bad at creating new products

From Paul Graham’s “Hiring is Obsolete” (May 2005):

Buying startups also solves another problem afflicting big companies: they can’t do product development. Big companies are good at extracting the value from existing products, but bad at creating new ones.

Why? It’s worth studying this phenomenon in detail, because this is the raison d’etre of startups.

To start with, most big companies have some kind of turf to protect, and this tends to warp their development decisions. For example, Web-based applications are hot now, but within Microsoft there must be a lot of ambivalence about them, because the very idea of Web-based software threatens the desktop. So any Web-based application that Microsoft ends up with, will probably, like Hotmail, be something developed outside the company.

Another reason big companies are bad at developing new products is that the kind of people who do that tend not to have much power in big companies (unless they happen to be the CEO). Disruptive technologies are developed by disruptive people. And they either don’t work for the big company, or have been outmaneuvered by yes-men and have comparatively little influence.

Big companies also lose because they usually only build one of each thing. When you only have one Web browser, you can’t do anything really risky with it. If ten different startups design ten different Web browsers and you take the best, you’ll probably get something better.

The more general version of this problem is that there are too many new ideas for companies to explore them all. There might be 500 startups right now who think they’re making something Microsoft might buy. Even Microsoft probably couldn’t manage 500 development projects in-house.

Big companies also don’t pay people the right way. People developing a new product at a big company get paid roughly the same whether it succeeds or fails. People at a startup expect to get rich if the product succeeds, and get nothing if it fails. So naturally the people at the startup work a lot harder.

The mere bigness of big companies is an obstacle. In startups, developers are often forced to talk directly to users, whether they want to or not, because there is no one else to do sales and support. It’s painful doing sales, but you learn much more from trying to sell people something than reading what they said in focus groups.

And then of course, big companies are bad at product development because they’re bad at everything. Everything happens slower in big companies than small ones, and product development is something that has to happen fast, because you have to go through a lot of iterations to get something good.


Jobs are unnecessary – just build something valuable

From Paul Graham’s “Hiring is Obsolete” (May 2005):

I think most undergrads don’t realize yet that the economic cage is open. A lot have been told by their parents that the route to success is to get a good job. This was true when their parents were in college, but it’s less true now. The route to success is to build something valuable, and you don’t have to be working for an existing company to do that. Indeed, you can often do it better if you’re not.


It’s hard to judge the young, but the market can

From Paul Graham’s “Hiring is Obsolete” (May 2005):

It’s hard to judge the young because (a) they change rapidly, (b) there is great variation between them, and (c) they’re individually inconsistent. That last one is a big problem. When you’re young, you occasionally say and do stupid things even when you’re smart. So if the algorithm is to filter out people who say stupid things, as many investors and employers unconsciously do, you’re going to get a lot of false positives. …

The market is a lot more discerning than any employer. And it is completely non-discriminatory. On the Internet, nobody knows you’re a dog. And more to the point, nobody knows you’re 22. All users care about is whether your site or software gives them what they want. They don’t care if the person behind it is a high school kid.


The real vs. stated purpose of PowerPoint

From Paul Graham’s “Hiring is Obsolete” (May 2005):

For example, the stated purpose of PowerPoint is to present ideas. Its real role is to overcome people’s fear of public speaking. It allows you to give an impressive-looking talk about nothing, and it causes the audience to sit in a dark room looking at slides, instead of a bright one looking at you.


Why did it take so long for blogging to take off?

From Paul Graham’s “Hiring is Obsolete” (May 2005):

Have you ever noticed that when animals are let out of cages, they don’t always realize at first that the door’s open? Often they have to be poked with a stick to get them out. Something similar happened with blogs. People could have been publishing online in 1995, and yet blogging has only really taken off in the last couple years. In 1995 we thought only professional writers were entitled to publish their ideas, and that anyone else who did was a crank. Now publishing online is becoming so popular that everyone wants to do it, even print journalists. But blogging has not taken off recently because of any technical innovation; it just took eight years for everyone to realize the cage was open.


Why is American design so often terrible compared to Japanese design?

From Paul Graham’s “Made in USA” (November 2004):

Americans are good at some things and bad at others. We’re good at making movies and software, and bad at making cars and cities. And I think we may be good at what we’re good at for the same reason we’re bad at what we’re bad at. We’re impatient. In America, if you want to do something, you don’t worry that it might come out badly, or upset delicate social balances, or that people might think you’re getting above yourself. If you want to do something, as Nike says, just do it. …

For centuries the Japanese have made finer things than we have in the West. When you look at swords they made in 1200, you just can’t believe the date on the label is right. Presumably their cars fit together more precisely than ours for the same reason their joinery always has. They’re obsessed with making things well.

Not us. When we make something in America, our aim is just to get the job done. Once we reach that point, we take one of two routes. We can stop there, and have something crude but serviceable, like a Vise-grip. Or we can improve it, which usually means encrusting it with gratuitous ornament. When we want to make a car “better,” we stick tail fins on it, or make it longer, or make the windows smaller, depending on the current fashion. …

Letting focus groups design your cars for you only wins in the short term. In the long term, it pays to bet on good design. The focus group may say they want the meretricious feature du jour, but what they want even more is to imitate sophisticated buyers, and they, though a small minority, really do care about good design. Eventually the pimps and drug dealers notice that the doctors and lawyers have switched from Cadillac to Lexus, and do the same.


Media-induced fear & its effects

From John Twelve Hawks’s “How We Live Now” (2005):

In his insightful book “The Culture of Fear,” Barry Glassner shows how many of our specific fears are created and sustained by media manipulation. There can be an enormous discrepancy between what we fear and the reality of what could happen to us. Glassner analyzes several “threats” such as airplane disasters, youth homicide, and road rage, and proves that the chance of any of these dangers harming an individual is virtually nonexistent.

Although Glassner accurately describes the falseness of a variety of threats, he refrains from embracing any wide-reaching explanation. It can be argued that the constant message of impending destruction is simply a way for the media to keep us watching television – “Are cyber predators targeting your children?” is a tagline that is going to get the audience’s attention. What interests me is not the reality of these threats, but the effect they have on our view of the world. Fear encourages intolerance, racism and xenophobia. Fear creates the need for a constant series of symbolic actions manufactured by the authorities to show that – yes, they are protecting us from all possible dangers.


Another answer to “I have nothing to hide”

From John Twelve Hawks’s “How We Live Now” (2005):

“And so what if they know all about me?” asks the honest citizen. “I’m a good person. I’ve got nothing to hide.” This view assumes that the intimate personal information easily found in our computerized system is accurate, secure, and will only be used for your benefit. What if criminals access your information? What if corporations deny you insurance or employment because the wrong data has ended up in your file? What if you simply want to take control over who knows what about you?


Government-created viruses for surveillance

From John Twelve Hawks’s “How We Live Now” (2005):

The Traveler describes for the first time in any book the secret computational immunology programs being developed in Britain. These programs behave like the leucocytes floating through our bloodstream. The programs wander through the Internet, searching, evaluating, and hiding in a person’s home PC, until they detect a “dangerous” statement or unusual information. After gathering our personal information, they return to the central computer. There is no reason why they can’t easily be programmed to destroy a target computer … such as the one on which you’re reading this essay.


What RFID passports really mean

From John Twelve Hawks’s “How We Live Now” (2005):

The passports contain a radio frequency identification chip (RFID) so that all our personal information can be instantly read by a machine at the airport. However, the State Department has refused to encrypt the information embedded in the chip, because it requires more complicated technology that is difficult to coordinate with other countries. This means that our personal information could be read by a machine called a “skimmer” that can be placed in a doorway or a bus stop, perhaps as far as 30 feet away.

The U.S. government isn’t concerned by this, but the contents of Paris Hilton’s cell phone, which uses the same kind of RFID chip, were skimmed and made public last year. It may not seem like a problem when a semi-celebrity’s phone numbers and emails are stolen, but it is quite possible that an American tourist walking down a street in a foreign country will be “skimmed” by a machine that reads the passport in his or her pocket. A terrorist group will be able to decide if the name on the passport indicates a possible target before the tourist reaches the end of the street.

The new RFID passports are a clear indication that protection is not as important to the authorities as the need to acquire easily accessible personal information.


Japanese nuclear secrets revealed on P2P network

From Mike’s “That’s Not A New Hit Song You Just Downloaded — It’s Japan’s Nuclear Secrets” (techdirt: 23 June 2005):

While IT managers may not see the importance of security software for themselves, you would think they would be a little more careful with things like interns and contractors. Not so, apparently. Over in Japan, a lot of people are not happy after discovering that a lot of classified technical data on nuclear power plants was leaked onto the internet by a contractor using a computer with a file sharing app that was apparently left open to sharing everything on the machine. First off, what kind of nuclear plant contractor is putting a file sharing app on his work laptop? Also, the article notes that the laptop was infested with viruses, but later seems to blame the file sharing app rather than the viruses — so it’s not entirely clear what the viruses have to do with this story. Update: Another article on this story notes that it was the virus that made the material available via the file sharing app. It also notes that the guy was using his personal computer — and somehow this was allowed. It also details the information leaked, including inspection data, photographs and names of inspectors, as well as where they stayed when they did the inspections. No matter what, you have to wonder why the guy was allowed to use his personal computer or to use any computer for this data that hadn’t been checked first for viruses or other vulnerabilities.

From Mike’s “Security Through Begging” (techdirt: 16 March 2006):

Last summer, the surprising news came out that Japanese nuclear secrets leaked out, after a contractor was allowed to connect his personal virus-infested computer to the network at a nuclear power plant. The contractor had a file sharing app on his laptop as well, and suddenly nuclear secrets were available to plenty of kids just trying to download the latest hit single. It’s only taken about nine months for the government to come up with its suggestion on how to prevent future leaks of this nature: begging all Japanese citizens not to use file sharing systems — so that the next time this happens, there won’t be anyone on the network to download such documents.


5 reasons people exaggerate risks

From Bruce Schneier’s “Movie Plot Threat Contest: Status Report” (Crypto-Gram Newsletter: 15 May 2006):

In my book, Beyond Fear, I discussed five different tendencies people have to exaggerate risks: to believe that something is more risky than it actually is.

1. People exaggerate spectacular but rare risks and downplay common risks.

2. People have trouble estimating risks for anything not exactly like their normal situation.

3. Personified risks are perceived to be greater than anonymous risks.

4. People underestimate risks they willingly take and overestimate risks in situations they can’t control.

5. People overestimate risks that are being talked about and remain an object of public scrutiny.


Why no terrorist attacks since 9/11?

From Bruce Schneier’s “Movie Plot Threat Contest: Status Report” (Crypto-Gram Newsletter: 15 May 2006):

… you have to wonder why there have been no terrorist attacks in the U.S. since 9/11. I don’t believe the “flypaper theory” that the terrorists are all in Iraq instead of in the U.S. And despite all the ineffectual security we’ve put in place since 9/11, I’m sure we have had some successes in intelligence and investigation — and have made it harder for terrorists to operate both in the U.S. and abroad.

But mostly, I think terrorist attacks are much harder than most of us think. It’s harder to find willing recruits than we think. It’s harder to coordinate plans. It’s harder to execute those plans. Terrorism is rare, and for all we’ve heard about 9/11 changing the world, it’s still rare.


Why disclosure laws are good

From Bruce Schneier’s “Identity-Theft Disclosure Laws” (Crypto-Gram Newsletter: 15 May 2006):

Disclosure laws force companies to make these security breaches public. This is a good idea for three reasons. One, it is good security practice to notify potential identity theft victims that their personal information has been lost or stolen. Two, statistics on actual data thefts are valuable for research purposes. And three, the potential cost of the notification and the associated bad publicity naturally leads companies to spend more money on protecting personal information — or to refrain from collecting it in the first place.


Why airport security fails constantly

From Bruce Schneier’s “Airport Passenger Screening” (Crypto-Gram Newsletter: 15 April 2006):

It seems like every time someone tests airport security, airport security fails. In tests between November 2001 and February 2002, screeners missed 70 percent of knives, 30 percent of guns, and 60 percent of (fake) bombs. And recently, testers were able to smuggle bomb-making parts through airport security in 21 of 21 attempts. …

The failure to detect bomb-making parts is easier to understand. Break up something into small enough parts, and it’s going to slip past the screeners pretty easily. The explosive material won’t show up on the metal detector, and the associated electronics can look benign when disassembled. This isn’t even a new problem. It’s widely believed that the Chechen women who blew up the two Russian planes in August 2004 probably smuggled their bombs aboard the planes in pieces. …

Airport screeners have a difficult job, primarily because the human brain isn’t naturally adapted to the task. We’re wired for visual pattern matching, and are great at picking out something we know to look for — for example, a lion in a sea of tall grass.

But we’re much less adept at detecting random exceptions in uniform data. Faced with an endless stream of identical objects, the brain quickly concludes that everything is identical and there’s no point in paying attention. By the time the exception comes around, the brain simply doesn’t notice it. This psychological phenomenon isn’t just a problem in airport screening: It’s been identified in inspections of all kinds, and is why casinos move their dealers around so often. The tasks are simply mind-numbing.
