A Caucus Race and a Long Tale

Written in 1865, before the typewriter, this is from Alice in Wonderland, Chapter III, “A Caucus Race and a Long Tale” by Lewis Carroll (Charles Lutwidge Dodgson):

                      "It _is_ a long tail, certainly," said Alice, looking
                     down with wonder at the Mouse's tail; "but why do you
                     call it sad?" And she kept on puzzling about it while the
                     Mouse was speaking, so that her idea of the tale was
                     something like this:----"Fury said to
                               a mouse, That
                                     he met in the
                                          house, `Let
                                              us both go
                                                 to law: _I_
                                                  will prose-
                                                   cute _you_.--
                                                  Come, I'll
                                                 take no de-
                                              nial: We
                                           must have
                                        the trial;
                                     For really
                                   this morn-
                                 ing I've
                                nothing
                               to do.'
                                Said the
                                 mouse to
                                   the cur,
                                      `Such a
                                         trial, dear
                                             sir. With
                                               no jury
                                                or judge,
                                                  would
                                                 be wast-
                                               ing our
                                             breath.'
                                          `I'll be
                                       judge,
                                    I'll be
                                  jury,'
                                said
                               cun-
                               ning
                                old
                                  Fury:
                                   `I'll
                                      try
                                        the
                                         whole
                                          cause,
                                           and
                                          con-
                                        demn
                                    you to
                               death'."


The case for and against personal surveillance

Bruce Schneier thinks an article in the London Review of Books is “nice”.

It’s hard to disagree with nice, but I will try. Take, for example, this quote from the article about sharing mobile data:

Such services are obscure, and barely legal, but it’s about to be brought home to the majority of mobile users that what they’re up to isn’t private information

This needs some perspective.

I have heard from engineers working on this functionality for at least five years, and I first used Helio’s buddy finder system years ago.

At one evening social in 2004 I remember a bright young engineer from Berkeley who told me he was building a system that would reveal “hot spots” for dinner and nightlife by mapping the concentration of mobile devices. For example, he said you would want to go to the dance club once a certain threshold of people had arrived. Although I could imagine alerts based on certain conditions (e.g. Bob and Alice are on site, Charlie is not, therefore it is time/safe to arrive) I instead pointed out to him how I would game the system.

A restaurant, depending on his system’s authentication and authorization, could easily create high numbers of bogey attendees as a form of marketing. If people started showing up on site soon after, their presence would either confirm what they saw on the map or drive them to question the accuracy of the system. I asked him whether trust was critical to the success of his system.

He walked away with a worried look.

Perhaps more to the point I had to work extensively with an army of lawyers to build privacy protections into “public info” mobile services at least two years ago.

The pressure from mobile carriers to share user information is intense, because data is where the mobile companies and the software vendors derive and push value to you, the ever-demanding customer. They think you will buy more “stuff” from them if it can tell you more about your communities and friends.

While the author of this article dismisses the “approval” message control as insufficient, there is no mention of the usability balance (curse?). Most users are statistically challenged when it comes to security. They want ease-of-use and the mobile companies are all too willing to oblige.

A few people, like myself, are hired by software and mobile companies to argue on behalf of consumers. We say the usual things, such as privacy is paramount and controls need to be tough to circumvent.

In response, we inevitably are faced with a series of user feedback studies and support-queue reports that suggest the majority of users really just want the easiest interface possible (which also just happens to be the least cost solution to the provider) with a data-rich source at their fingertips.

I am not surprised that we are moving towards the capability of a private and open surveillance society. In fact, I think that has always been the trend. I am only surprised when people try to pretend that this is a new problem, and that there is no precedent or case to be made for giving people a fair and balanced governance system. If you leave decisions to mob rule, or a benevolent dictator…hopefully you get the picture. I met with Motorola, Nokia, Sony, Helio and others about these issues years ago and it was always fun to draw upon concepts like economics, ethics and political systems to resolve the security disputes.

We’ve been here before. Designing protections against abuse related to mobile device data should be like designing the next wheel — new technology, same old concepts.

Weak Governance and the American Recession

A fascinating article in the NYT about Dr. Nouriel Roubini points out that the current United States economy was a predictable disaster. He found a pattern and tried to warn people in 2006 of the coming crisis:

Most of these countries also had poorly regulated banking systems plagued by excessive borrowing and reckless lending. Corporate governance was often weak, with cronyism in abundance.

I noted in the article that he wrote a book with Brad Setser, a friend and former colleague of mine. I had tried to convince Brad, I would guess around the same time, that he should work with me on a book about macro-security.

Brad was not convinced. He said he worked in an obscure monetary field that has little or no relevance to information security.

This article reminds me that economics are never far from security, even information security. The economic security of nations and the role of governance are a macro study of the same issues most companies face every day when dealing with information security.

Maybe I’ll ping Roubini about this, although it sounds like he probably is in high demand:

Kenneth Rogoff, an economist at Harvard who has known Roubini for decades, told me that he sees great value in Roubini’s willingness to entertain possible situations that are far outside the consensus view of most economists. “If you’re sitting around at the European Central Bank,” he said, “and you’re asking what’s the worst thing that could happen, the first thing people will say is, ‘Let’s see what Nouriel says.’ ” But Rogoff cautioned against equating that skill with forecasting. Roubini, in other words, might be the kind of economist you want to consult about the possibility of the collapse of the municipal-bond market, but he is not necessarily the kind you ask to predict, say, the rise in global demand for paper clips.

That sounds exactly like the role of a security executive. They might be called a CSO, CISO, Chief Paranoid, or even court jester, but the role they play is critical to maintaining an even balance of information. Many times in my career I have been the only person to say “the data and reports show success highly unlikely and the benefits do not outweigh the risks — proceed with caution”. The first time you tell executives or a board of directors that they are headed for disaster, you can expect resistance. After a disaster you predict, you can bet management will at least ask for your view on all remaining projects.

As I used to say in meetings “it’s nice to look at the clouds during a picnic, but the guy watching ants is the most likely to predict the weather”.

Woodlock Gags Speech, Again

America has a sad “gag rule” history few Americans know.

…the U.S. House of Representatives instituted the “gag rule,” the first instance of what would become a traditional practice forbidding the House from considering anti-slavery petitions. Representative James Hammond of South Carolina first proposed the gag rule in December 1835.

It lasted years, and was used by abusive men specifically to silence the speech of anyone perceived to have empathy for the oppressed (e.g. de oppresso liber).

Members of Congress publicly ridiculed [human rights petition] efforts. Senator Thomas Hart Benton responded to the tide of petitions by saying, “I would recommend to these ladies, not to douse their bonnets, and tuck up their coats, for such a race, but to sit down on the way side, and wait for the coming of the conquerors.”

“The conquerors” ended up losing their Civil War over denying rights to “such a race”.

Fast-forward to today and a story from The Register explains the difference between a Judge in Holland and one in America, when faced with the same situation:

NXP Semiconductor, maker of the cryptographically challenged Mifare card, has also taken legal action to silence researchers who poked holes in fare collection systems used in the Netherlands. A Dutch judge rejected the request.

Opsahl said the EFF planned to appeal the decision, even though a ruling will not be issued in time to save the canceled talk. He said the judge reached a very, very wrong conclusion when using the Computer Fraud and Abuse Act as grounds for canceling the talk.

“The statute on its face appears to be discussing sending code, programs or similar types of information to a computer,” Opsahl said. “It does not appear to contemplate somebody who’s giving a talk to humans.”

A Dutch judge rejected the request. That could have been the end of the story, but America’s secret society of “gag rule” men still occupy the highest government seats.

Opsahl is referring to US District Judge Douglas P. Woodlock, who has ordered a gag for three students of MIT who were going to present the Mifare card story yesterday, but in the context of the Boston transit system.

Some may remember that Woodlock is the same judge that told antiwar activists that they were “stuck under the tracks”. He ruled against their right to speech because of what he called an “irretrievably sad” post-9/11 world that requires internment camps as security precautions to gag speech.

Woodlock said he had initially assumed that activists were exaggerating when they likened the protest zone near Canal Street to an internment camp. But he said that after touring the area for 90 minutes Wednesday, he concluded that comparison was “an understatement.”

[…]

“One cannot conceive of other elements [that could be] put in place to create a space that’s more of an affront to the idea of free expression than the designated demonstration zone,” Woodlock said.

Nonetheless, Woodlock said that unruly demonstrators at other political events have made the precautions necessary to foil protesters who might hurl objects at delegates arriving on buses

The logic is tortured to the point where Woodlock seems to favor a dark authoritarian world as a form of “safety”.

In another example, Woodlock ruled against the free speech rights for three newspapers. These papers argued that speech rights were violated when an Architectural Commission in Boston banned “street furniture” including news racks. Unfortunately for the papers, Woodlock was a student of architectural history and favored the aesthetics and safety of the street more than any individual right:

“While the guideline forces plaintiffs to use distribution means in the district which they find economically unappealing or that they would otherwise not use,” Woodlock said, “this does not change the fact that alternatives to newsracks in the district are available to plaintiffs.”

The conditions might be economically unappealing, also known as financially prohibitive, but the judge said he was unsympathetic because he saw no evidence of expense/damage from the alternatives. Again, logic tortured to the point where you are told to think of possibilities still available to you once your speech is restricted. Maybe a paper can survive without a forum for speech, maybe not, but at least the streets are clean.

Reasons for “an affront to the idea of free expression” seem to be stacking up under Woodlock. Has he ever ruled in favor of free speech? Does he even believe in it? Anyone surprised that this man was nominated to his position by Ronald Reagan, or was a college friend of George W. Bush?

Douglas Woodlock was appointed to the district court in 1986 by President Ronald Reagan. He possessed an interesting pedigree: a couple of high school years at Phillips Academy Andover, a distinguished undergraduate career at Yale, capped by being chosen for the secret society known as Skull and Bones by fifteen club members (including George W. Bush) from the class ahead.

Woodlock’s distance from Bush should not be underestimated. Bush has been a long-time critic of free speech. He is still listed as the #1 Muzzle in The Thomas Jefferson Center for the Protection of Free Expression. Bush threatened legal action against individuals who tried to expose or discuss his flaws on the Internet:

In a May 21 press conference, Bush himself stated “[t]here ought to be limits to freedom.”

[…]

On April 14, 2000, the FEC dismissed the Bush complaint stating, “this matter is less significant relative to other matters pending before the Commission.”

Americans should be ashamed of Woodlock’s decision on this matter.

The gag action on the Boston transit research is an embarrassment to the nation. Consider how the same situation played out in Holland:

The case went to court in Holland and now the court in Arnhem has overturned the injunction citing local freedom of expression laws.

In its ruling, the court said: “Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.”

In a statement, Radboud University hailed the ruling and said: “…in a democratic society it is of great importance that the results of scientific research can be published”.

Oh, wow. That is really, REALLY well said.

Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings

These people are clearly intelligent and capable, and this ruling happened PRIOR to Woodlock’s gag order.

This means Woodlock must have decided to silence three students presenting the information to their peers despite the fact that it is already in the public domain. America’s “skull and bones” tin-pot dictatorship crew are indefatigable.

Who wants to bet the American judge will say something about how “unfortunate” or “sad” it is that his “hands are tied” or he is “forced” by post-9/11 events to censor and restrict the scientific community into an internment camp for their own “safety”?