Category Archives: Security

How to Make Quality Technology

An excellent lecture with common sense. RSA Animate illustrates why profit is not the best motivator for quality.

First, I disagree with the start of the presentation. The science is not freaky or surprising. People are still as manipulatable and predictable as ever. I explain this in my social engineering presentation where I demonstrate common fraud methods. Profit may be less important than American economists thought, but it reminds me that economists study…profit. Only an economist would say it is “irrational” to play an instrument. Social engineering experts, or even anthropologists and political scientists, are obviously going to be less likely to focus on profit when researching motivational factors. They see people manipulated by things like pride, prejudice and authority and realize that in many cases none of it is profit. With economists it really should be no surprise that profit is not always the prime motivator. This lecture concludes that mastery, purpose and contribution are motivators but there are others as well.

Second, I have to question why economists were ever under this impression (the lecturer says he believed only in profit three years ago). Why did they see profit as the sole motivator? I bet a huge clue is right at the start of the lecture when he says “mechanical skill” is very successfully manipulated by profit motive in business. Immediately it comes to mind that Henry Ford, Thomas Edison, and other industrialists were proponents of mechanical skill.

Perhaps it is from this era that a perception of a beautiful assembly line with profit as motive became some kind of ideal. An American could create massive wealth as owner of a highly mechanized system of production. The inventor of the car was not Ford; the inventor of the light bulb was not Edison. I have seen scant evidence they believed in incentives for innovation, just output that allowed high margins. The Ford company showed this in spades over the past ten years when they pumped out SUVs for profit at a time when they could have innovated in hybrid cars with a purpose. That decision almost killed them, even though they had a few good years before the crash.

Ford and Edison, who actually were good friends, believed growth through profit incentives was the ideal path for everyone else because they saw it as their own path of success. Those who could produce more product, garner more profit, wrote the story of motivation. Ford not only did not innovate but he struggled with the basic concept of changing paint colors in cars to let consumers innovate and differentiate from each other. Edison meanwhile never actually invented anything (am I getting too excited here?) — he actually set up a warehouse full of mostly immigrants, poorly paid, who were hired to invent for him and then put his name on whatever they came up with. The inferior lightbulb he produced (inefficient use of energy and short life) was highly successful because it was produced faster than anything else and more consistently. His profit motive led to more profit than his competition, which enabled him to win in a race for profitability and NOT good product. Easy to see how mechanical skills were the focus of the empire he built. Americans came to believe in him as an inventor because he had great marketing and cash in the bank.

Regardless of whether you buy into my hypothesis (rant?) about Ford and Edison, it stands to reason that other incentives, such as purpose, existed all along; they have just been poorly represented as goals against those who were profit driven and used their profit to market a particular vision of success. Nonetheless the mechanical skill view had many more years of success examples before losing much of its appeal. It carried the country all the way through the difficult 1940s. The Sherman tank, for example, was not superior or innovative but it was produced at a much faster pace than the enemy’s. A German Tiger tank would often face three or more Shermans (there were roughly 50 times as many Shermans on the ground to fight the Tigers). The Americans knew, in other words, that they were at high risk when put head-to-head against a tank better-suited for its purpose (longer range with better armor). However the US did not choose to improve quality, despite risk, when they found mechanical skill and assembly-lines (produced faster than anything else and more consistently) also achieved results.

Return for a moment to the question of why economists are surprised. The 1950s saw the vision of profit as motive begin to unravel in America as disillusionment was expressed by the likes of Kerouac; he said why work so hard in highly mechanical tasks if profit (margin and/or quantity) may never come but also was never truly fulfilling. This divergence from profit as a prime motive really came undone by the late 1960s during economically innovative years of “goodwill” and “free” stores that “recycled” without profit. This seems like yet another example of why economists have no reason to be surprised, but I’ll leave that thread for another day because it also touches on interesting points about compliance and regulation.

Back to the lecture: it says the economists noticed their new test actually works outside the US. They position this as proof that purpose as motive is not an anomaly. I say this actually proves that the US is the anomaly. It works elsewhere because it should not have been a surprise in America; a period of rapid and dynamic mechanical skill growth with money as a motivator in the US does not mean the other motives never existed or would not come back. The industrial revolution through fabrication and mechanization generated a fascination so intense it even bled into sports — baseball, football and basketball — that are highly mechanical in nature and reward. Compare their program, run, stop, review, repeat and incentive system to a game of soccer.

With all that being said it also is notable that innovation in America has typically come from those not working with profit as their prime motivator. Post-it notes are a fun example. The proof is right under our noses. Those who say Apple is highly innovative have to prove it to me; as a life-long Apple consumer I don’t buy it. Show me an iPhone and I will give you a list of all the ideas it incorporates from others. All the way back to the first mouse debate it was clear to me that Jobs and Woz are the best at refining others’ ideas, not creating new ones. This is not to say they are driven only by profit, but it sure fits their motivation profile a lot better than Einstein’s.

If you still don’t believe me, I will go into much more depth on this when I present on the “Top Ten Breaches” next Wednesday at the RSA Conference in London. How does this fit security, you might ask?

The best defense prepares for attacks other than the ones motivated by profit alone — the most dangerous attacker may not be profit motivated at all. Likewise, the best defense is developed through incentives other than profit. As the lecturer points out, bugs will be fixed for free and much sooner if you can accept and promote motivations outside of profit. It is through these two views of security management that we really are looking at ways to find quality. I hope to see you there.

US Healthcare Blamed for Low Life Expectancy

Another study has been released that says US healthcare needs reform. The researchers call out weak regulation as a primary factor since other countries with stronger regulation have not seen the same deterioration.

In this paper we explore changes in fifteen-year survival at middle and older ages, alongside per capita health care spending, in the United States and twelve other wealthy nations. We then examine the extent to which the survival and cost variations over time among these nations can be explained by demographics, obesity, smoking, or mortality events that are not closely related to health care, such as traffic accidents and homicide. By comparing health system costs and mortality rates over time, it is possible to assess whether trends in risk factors for health or causes of death can explain the observed relative decline in broad health outcomes among American men and women over the past thirty years.

The BBC calls it US healthcare ‘to blame’ for poor life expectancy rates.

The US spends far more on healthcare than any other country as a percentage of gross domestic product, the study finds.

“We speculate that the nature of our health care system – specifically, its reliance on unregulated fee-for-service and specialty care – may explain both the increased spending and the relative deterioration in survival that we observed,” the authors wrote.

“If so, meaningful reform may not only save money over the long term, it may also save lives.”

The authors said those aspects of the US health system contributed to unnecessary medical procedures, poor communication between doctors and higher rates of medical errors.

Sex Offender Database Outage

BI Incorporated runs a Microsoft-based database of registered sex offenders in the US. They suffered a major outage when they hit more than 2.1 billion records. Apparently no one saw it coming.

An explanation is posted on their website:

“At 7:29 a.m. Mountain Time on Oct. 5, BI Incorporated experienced a problem with one of its offender monitoring servers that caused this server’s automatic notification system to be temporarily disabled, resulting in delayed notifications to customers. The issue was resolved approximately 12 hours later at 7:25 p.m. MT. The issue was confined to the BI TotalAccess Server when its database exceeded its 2.1 billion record threshold. The BI system notified administrators and technical staff of the issue immediately and a team was immediately assembled to diagnose and plan for recovery.

“Importantly, the monitoring system continued to operate and gather information, but transmissions were delayed until the system was restored. Offender activity logged while the server was being worked on was effectively processed at 7:25 p.m. MT when the system was restored. Alerts that may have occurred during this period were transmitted to our customers at that time.”

The database ran “out of values in a column in a table”. It now has been expanded, they say, to 1 trillion records. They did not explain the rate of change to records over time. Was it getting exponentially larger lately or has it been slowly creeping? An expert is cited in their press release saying no one could have predicted running out of space.

The irony of the story, and that expert testimony, is that an alerting system for this alerting system is said to now be a priority for BI.

…we are working with Microsoft to develop a warning system on database thresholds so we can anticipate these issues in the future
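The question raised above about the rate of change is what a threshold warning has to answer. The following is an added example, not code from BI or Microsoft: it assumes the "2.1 billion" limit is the signed 32-bit integer ceiling (2,147,483,647), the function names are hypothetical, and the readings are constructed.

```python
from datetime import date

# Assumption: the "2.1 billion" limit is the signed 32-bit ceiling.
INT32_MAX = 2_147_483_647

def growth_rates(samples):
    """samples: [(date, highest value used)], oldest first.
    Returns (long_run, recent) growth in values per day."""
    def rate(a, b):
        days = (b[0] - a[0]).days
        return (b[1] - a[1]) / days if days > 0 else 0.0
    return rate(samples[0], samples[-1]), rate(samples[-2], samples[-1])

def check_column(samples, ceiling=INT32_MAX, warn_days=180, crit_days=30):
    """Project days until the column runs out of values and grade the risk."""
    if len(samples) < 2:
        raise ValueError("need at least two readings to estimate growth")
    current = samples[-1][1]
    long_run, recent = growth_rates(samples)
    # Plan against the faster rate so a late surge is not averaged away.
    worst = max(long_run, recent)
    days_left = (ceiling - current) / worst if worst > 0 else None
    if current >= ceiling or (days_left is not None and days_left <= crit_days):
        level = "critical"
    elif days_left is not None and days_left <= warn_days:
        level = "warning"
    else:
        level = "ok"
    return {
        "used": current / ceiling,
        "accelerating": long_run > 0 and recent > 1.5 * long_run,
        "days_left": days_left,
        "level": level,
    }

# Constructed sample readings (not BI's data): slow creep, then a surge.
SAMPLES = [
    (date(2010, 1, 1), 1_400_000_000),
    (date(2010, 4, 1), 1_500_000_000),
    (date(2010, 7, 1), 1_650_000_000),
    (date(2010, 9, 1), 2_000_000_000),
]

if __name__ == "__main__":
    r = check_column(SAMPLES)
    print(f"{r['used']:.1%} used, about {r['days_left']:.0f} days left, "
          f"accelerating={r['accelerating']}, level={r['level']}")
```

Grading on projected days left rather than on percentage used alone is what separates a slow creep from a recent surge: the same 93% fill can be years or weeks from the limit.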

New California Driver License Security Features

The State of California has added a list of security features (some public, some secret) to its driver’s license. The LA Times says it was designed to thwart counterfeiters.

Among the new features, licenses for drivers under age 21 will be printed vertically, making them easier to identify for police and shopkeepers. The cardholder’s signature and birthday will be raised, allowing them to be felt by touch.

Hidden images can be seen only with the use of ultraviolet light, and a laser perforation outline of the California brown bear will be visible when a flashlight is pressed against the back of the card.

The back of the card will still have a magnetic stripe but will also have a 2D barcode; both store information from the front of the card.

The new license was only just released but already I hear licenses from Nevada and Oregon are more common. California says they issue about 8 million licenses and ID cards a year. Will a change in that rate be linked to these security measures?

On the flip side, inside jobs are usually the most dangerous; the new CA license will definitely carry more weight, but will it have the appropriate protection of the source? A certificate authority’s certificates are only as good as…

I am excited to know my signature will soon be easily copied with a piece of paper, some charcoal and a little pressure.


Updated 2019: So many people are coming to this post I wrote in 2010 to find out about the “Real ID” cards that have been available since January 22, 2018, due to a deadline of October 2010 for federal security. A valid U.S. passport will be required after October 2020 if you don’t have a Real ID card. California DMV has a Real ID portal site.