The case for and against personal surveillance

Bruce Schneier thinks an article in the London Review of Books is “nice”.

It’s hard to disagree with nice, but I will try. Take, for example, this quote from the article about sharing mobile data:

Such services are obscure, and barely legal, but it’s about to be brought home to the majority of mobile users that what they’re up to isn’t private information

This needs some perspective.

I have heard from engineers working on this functionality for at least five years, and I first used Helio’s buddy finder system years ago.

At one evening social in 2004 I remember a bright young engineer from Berkeley who told me he was building a system that would reveal “hot spots” for dinner and nightlife by mapping the concentration of mobile devices. For example, he said you would want to go to the dance club once a certain threshold of people had arrived. Although I could imagine alerts based on certain conditions (e.g. Bob and Alice are on site, Charlie has not arrived, therefore it is time/safe to arrive) I instead pointed out to him how I would game the system.

A restaurant, depending on his system’s authentication and authorization, could easily create high numbers of bogey attendees as a form of marketing. If people started showing up on site soon after, their presence would either confirm what they saw on the map or drive them to question the accuracy of the system. I asked him whether trust was critical to the success of his system.

He walked away with a worried look.

Perhaps more to the point I had to work extensively with an army of lawyers to build privacy protections into “public info” mobile services at least two years ago.

The pressure from mobile carriers to share user information is intense, because data is where the mobile companies and the software vendors derive and push value to you, the ever-demanding customer. They think you will buy more “stuff” from them if it can tell you more about your communities and friends.

While the author of this article dismisses the “approval” message control as insufficient, there is no mention of the usability balance (curse?). Most users are statistically challenged when it comes to security. They want ease-of-use and the mobile companies are all too willing to oblige.

A few people, like myself, are hired by software and mobile companies to argue on behalf of consumers. We say the usual things, such as privacy is paramount and controls need to be tough to circumvent.

In response, we are inevitably faced with a series of user feedback studies and support-queue reports that suggest the majority of users really just want the easiest interface possible (which also just happens to be the least-cost solution to the provider) with a data-rich source at their fingertips.

I am not surprised that we are moving towards the capability of a private and open surveillance society. In fact, I think that has always been the trend. I am only surprised when people try to pretend that this is a new problem, and that there is no precedent or case to be made for giving people a fair and balanced governance system. If you leave decisions to mob rule, or a benevolent dictator…hopefully you get the picture. I met with Motorola, Nokia, Sony, Helio and others about these issues years ago and it was always fun to draw upon concepts like economics, ethics and political systems to resolve the security disputes.

We’ve been here before. Designing protections against abuse related to mobile device data should be like designing the next wheel — new technology, same old concepts.

Food color ban in EU

Safety groups in the UK are pressing for a ban on artificial food colors, according to the BBC News:

A food safety watchdog has called for a Europe-wide ban on six artificial food colourings after research found a link with hyperactivity in children.

A total ban on the use of the colours would have to be agreed by the EU.

So the Food Standards Agency wants UK ministers to push for voluntary removal of the colours by next year.

I love this nugget of wisdom from the agency:

But the FSA added that as there were no nutritional benefits from the additives, there would be no cost or risk to the child in removing them from the diet.

The article quotes a food industry representative who says companies are already working to remove certain artificial color ingredients from food. I guess this is what is meant by a voluntary ban.

Sunset yellow (E110) – Colouring found in squashes
Carmoisine (E122) – Red colouring in jellies
Tartrazine (E102) – New colouring in lollies, fizzy drinks
Ponceau 4R (E124) – Red colouring
Quinoline yellow (E104) – Food colouring
Allura red AC (E129) – Orange/red food dye

I just checked the last entry on Wikipedia, Allura red AC, and found that this was introduced in the US to replace E123 and is derived from coal tar and a South and Central American beetle.

Disgusting.

The other colors listed above are related, and probably have a similar source. All of them are already banned in Denmark, Belgium, France, Germany, Switzerland, Sweden, and Austria.

America has not only approved it for food, according to Wikipedia, but also for cosmetics, tattoo inks, and last but not least drugs including…children’s medications!

With no “cost or risk” of removing the dye, and voluntary or legal bans in other countries, why are they still so popular in America? Go figure.

The regulatory body in the US seems lax to me, but an article in the Chemical & Engineering News praises the FDA for “strictly controlled conditions” and “very high standards of purity”. Notice they do not say “healthy”.

No matter where it comes from, any color added to our food is carefully regulated by the Food & Drug Administration to ensure it is safe to eat and is correctly labeled.

Ensure is such a definitive word. Safe to eat?

According to literature provided by Sensient, a major ingredient in the bitter Italian liquor Campari is an exempt dye called carminic acid. This vibrant magenta additive originates from the dried, crushed bodies of pregnant female scale insects called cochineal

I see. Apparently insects qualify as a natural source, so the regulators give them an exemption from being certified but they still have to be approved. It appears the FDA favors blurring the lines, with a cynical view of “natural”, while EU nations are seeking greater safety in their language and for the health of their children.

Georgia Bigfoot a Hoax

I think the most amazing thing about the recent bigfoot hoax is not that people fell for it, or even that two researchers paid “an undisclosed sum”.

The most amazing thing to me is that the men who cooked up the scam were in law enforcement.

The BBC declares ‘Bigfoot’ is monkey suit:

Matt Whitton, a police officer, and Rick Dyer, a former prison officer, told a news conference in California last week that they had made the find while hiking.

This does not reflect favorably upon the reputation of American law enforcement officers.

18 California Hospitals Fined

The Associated Press reports that the state of California has levied fines for unhealthy practices:

Eighteen hospitals in California were fined for state health code violations in which patients received shoddy care that in some cases led to deaths.

Violations included an improperly inserted catheter, a ventilator that wasn’t turned on and surgical tools left inside patients after operations.

The fines made public Monday stem from investigations by the California Department of Public Health.

The hospitals were fined $25,000 for each violation — the latest of dozens of penalties the state has issued in recent years to more than 40 hospitals.

The state keeps a list of penalties by county.

In related news, California also recently negotiated huge fines from health plan providers:

Anthem Blue Cross and Blue Shield — two of the state’s biggest health plans — agreed Thursday to pay a total of $13 million in fines and to offer new health coverage to more than 2,200 Californians the companies dropped after they became ill.

Speaking of the state of California health care, I have been trying to figure out why the governor was in favor of stronger state-led privacy restrictions for hospitals, yet he vetoed a bill that shadowed PCI. I took him at his word at first, that PCI was doing a fine job of self-regulation and private industry would not benefit from more laws regulating payment card data. If nothing else, PCI is good at creating charts and graphs showing that it is doing something about the problem and should be left alone. Who does that for health care providers?

I then noticed an article in the LA Times that suggests Schwarzenegger has been a victim of the medical records exposure at UCLA:

The governor says unauthorized people have looked at his hospital files, just as someone at UCLA examined the records of his wife, Maria Shriver. He calls for stronger privacy protections.

[…]

Schwarzenegger reiterated that his administration will push hospitals to implement new safeguards to stop such snooping.

That certainly suggests that he feels the pain of identity loss more personally from health care (especially privacy), rather than from any financial loss. On the other hand, the governor has recently moved to ban trans fats state-wide.

The California legislature pushed the bill through last week, and Schwarzenegger signed it into law Friday, July 25.

The ban will require food providers to begin phasing out trans fat oils by July 1, 2009. Thereafter, noncompliance with the ban will result in fines of up to $1,000.

Perhaps he is just more concerned with health-related public policy issues than financial services, or he recognizes that while financial services are suffering, the current state of state health care is even worse.