3 out of 4 Bank Websites Insecure

The Register comments on the state of things, based on a 2006 study that was just released:

In a paper titled “Analyzing Web sites for user-visible security design flaws,” researchers from the University of Michigan found 75 percent of bank sites surveyed had at least one such design flaw. The report was presented Friday at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University.

“To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country,” said Atul Prakash, a professor in the university’s Department of Electrical Engineering and Computer Science, who initiated the study. Doctoral students Laura Falk and Kevin Borders also participated.

The flaws aren’t bugs, but rather features built into the design of the sites.

Why so long to announce? Many of the flaws are user-interface related, such as not letting users know when they are being redirected and not telling them when SSL is disabled. Those are tough issues to baseline, since there is hardly a consensus on the best way to educate users about page and site safety. One thing is clear, however: US regulators could be doing far more to protect consumers. It should not require a university study to find weak passwords and non-unique IDs.

Google has been kind enough to extend SSL to an entire mail session, not just the authentication page. This helps a little, as the sensitive information your bank foolishly sends in email now could be encrypted in transit, but banks should know better and their examiners/auditors should get on the ball.

Colorado Police Tazer Ex-Mayor

Something is definitely odd about a story where a police officer forces his way into an ex-mayor’s home and uses a tazer on her. The Steamboat Pilot reports:

Tension has been running high in Oak Creek recently as it relates to the town’s police department. Some residents have complained about over-aggressive enforcement that borders on harassment; others say it’s simply a case of law enforcement officers doing what’s needed to protect residents and enforce the law.

Let’s take a closer look at the “doing what is needed to protect” statement.

“I have no reason to believe the actions that were taken were not appropriate,” [Oak Creek police Chief] said about the arrest. “The use of the Taser is the most humanitarian tool we have. It has a low probability of injury both to the suspect and the officer.”

First of all, I do not have all the facts. This article seems to suggest an officer suspected the ex-mayor of a DUI, but she resisted arrest by driving to a home, running into it and closing the door on the officer, so he forced entry. That must have frustrated him. In fact, he made an injury claim related to the door being closed. Aside from that strange sequence of events, I do not understand why he used the Tazer. Was he in danger?

I think it fair to say that the Colorado Police Chief is going beyond the call of duty in defending the actions of his officer. However, we do not need all the facts to smell a sick marketing ploy.

My concern is that someone who believes that use of the Tazer is the most humanitarian tool available to law enforcement is either a fool or a sadist. Whatever happened to communication?

It is well documented that the Tazer causes a target intense pain and even death.

The United Nations Convention Against Torture has linked the taser stun-gun to torture, one month before a report on the weapon is due out from the New Zealand Police.

“The use of these weapons causes acute pain, constituting a form of torture,” the UN committee concluded.

Originally the Tazer was sold to officers as a last step before lethal weapons were drawn, but given that the Tazer is now increasingly billed as a way to resolve any disagreement, and that it has been linked to hundreds of deaths, Colorado is now proof of the shift to a wildly unbalanced risk management model.

This new risk model is one where the police are led to believe they are justified in what amounts to torturing their suspects. This is based not on a study of effective control practices, but on a highly misleading Tazer training program designed to boost sales:

One reason for Taser’s increasing windfall has been that the company has turned its original weapon-focused marketing initiative upside down by insisting the Taser is a hand-held lifesaver. Retired Minneapolis police officer Michael Quinn was a part of one of the first groups of MPD officers to get trained on stun guns. “It appeared like a useful tool,” Quinn says. “But even then the department as a whole was concerned about abuse of the weapon.”

[…]

Quinn remembers watching sales and training videos that detailed only uncommonly dangerous scenarios as examples when the Taser should be deployed. “When you saw the original sales videos, they used pretty extreme cases, like ‘Here’s a guy wielding a machete we can’t get close to, or here’s a guy wielding a knife or another weapon.’ They were able to Tase him from a distance and not get hurt,” Quinn recalls.

“It used to be put below deadly force, but not a long ways below that, on the use-of-force continuum,” Quinn continues. “Now it’s slid down that force continuum, where at some agencies if someone presents even a verbal resistance and says I am not going to go with you, officers are justified in using the Taser.”

Canada, like New Zealand, has been looking at concrete data and considering ways to regulate Tazer-happy officers:

Three people have died recently in Canada after being shocked by Tasers.

The police force said it will more clearly define the type of behavior that would prompt an officer to use a Taser, limiting it to situations where “a subject is displaying combative behaviors or is being actively resistant.”

The previous policy allowed officers to use a Taser when a suspect’s behavior was deemed threatening.

[…]

More than a dozen people have died in Canada after being hit with Tasers in the last four years, according to Amnesty International. However, the Arizona-based manufacturer of Taser guns, Taser International Inc., says the devices have never been conclusively linked to any deaths in Canada.

At least they did not call their tool the most humanitarian tool. I suppose the police chief might also call the SUV the most efficient vehicle.

The bottom line is firing huge amounts of electricity into a person’s body subdues them because it causes a form of shock. This clearly has advantages over other more lethal weapons, but use should be clearly restricted to cases where there is threat of death or grievous bodily harm.

Updated to add: Comments in The Colorado Independent suggest that the ex-mayor has a history of drinking and other substance abuse, and that the new police chief is the first to stand up to outlaws in the town. Although that may well be true, it does not change my concern with the description of a Tazer as the “most humanitarian tool”. Most efficient SUV, least alcoholic whiskey…the words Tazer and humanitarian should not be used together.

CIA reports a third of GITMO detainees were mistakes

While reading about the Poetry of Guantánamo Bay, I ran across this interview with a staff writer of The New Yorker and decided it needed its own blog post:

AMY GOODMAN: Jane Mayer, you also report that back in 2002, the CIA warned that up to a third of the prisoners at Guantanamo may have been imprisoned by mistake.

JANE MAYER: Isn’t that—to me, this is one of the amazing anecdotes in this book. It’s not the ACLU. It’s not, you know, some kind of outside human rights group. It’s the CIA that warned the government. They sent—the CIA sent a particular expert down to Guantanamo in the summer of 2002 to figure out what’s going on. Why are we not getting better intelligence out of these detainees down in Guantanamo? And he was an Arab speaker and an expert in Islamic fundamentalism.

He interviewed a number of the detainees in Guantanamo, and he came back saying, “Bad news. The reason we’re not getting better intelligence, part of the reasoning anyway, is that about a third of the people are innocent.” From what he could tell, they were just mistakes. They were locked up—you know, they were just brought in by—herded in by mistake. And—

AMY GOODMAN: Mistake, like, for example, bounty hunters.

JANE MAYER: Right, sure. Bounty hunters who were—you know, and people who were put—there were people put in to—because of personal grudges. There was one—one detainee was there because he had been a teacher of somebody and given them a bad grade, and the person that he’d flunked pointed him out as a terrorist, and he was rounded up.

Whoa, I missed that news.

Nothing like false positives that ruin people’s lives. Remember how Cheney defended his position?

“Those who most urgently advocate that we shut down Guantanamo probably don’t agree with our policy anyway,” the vice president said after presenting the Gerald R. Ford Foundation journalism awards at the National Press Club.

Given all the facts, he said, “Our policy is the correct one.”

In other words, the correct policy is ours, therefore our policy is correct. If you disagree, you become irrelevant by definition.

Any questions? Is there anyone who could grade Cheney’s work? I nominate Henry King Jr., the Nazi war crimes trials prosecutor, who has already issued a clear statement on what constitutes a fair trial.