Tuesday, November 28, 2006

More4: Suspect Nation

I missed it, but thanks to the lovely Internet you can now catch More4's 'Suspect Nation' documentary by Henry Porter on YouTube.

I've seen a third of it so far, but he's doing an excellent job of approaching the issues with a calm, non-agitated yet unassumingly questioning air - which, I think, is what we need.

Technological Tarot

Police Predicting Criminality in London.

Reminds me very much of Clay Shirky pointing out the destruction of free will. The same principle applies to terrorism, but this is just because crime and terror are the forefront of "applicability".

Even if you don't believe in free will, there are problems with this approach. Feature creep is the main one - if society is, by its cultural (rather than absolute) nature, a problem-solving entity (a fixation on science would suggest so), then all problems, big or small, should eventually lead to such predictive technologies being implemented in all areas.

This leads to the other problems. Firstly, how do we decide what is a "problem" - who sets out the norms that the "rest of us" are to adhere to, and how do they get overseen? (This is, of course, a current issue, only there seems to be less trust in the personal decision-making route than in "scientific" processes.) Secondly, to what extent can we trust the science to make accurate predictions, given that reality may (or, indeed, may not) differ wildly from the models used to predict?

To solve problems with 100% efficiency, all one needs to do is to lock everyone (including the guards) up at birth. This is the epitome of technological problem-solving.

Monday, November 27, 2006

Perp report: From ATM to MP3

Haven't been keeping up with El Reg recently, so this story about a man who used an MP3 player to hack ATMs is via the Kitcat, and is doubly interesting:

Firstly, the guy used the player to record the tones being sent over the lines. I tend to avoid paying a few quid just to get out ten, but the times I've stood around such a machine and heard these tones, I've always wondered if it would be possible to record and decode them, even if just to see what number was being dialled. (I always figured it would go quiet, like a modem, after initial connection...) Alas, there are no further details in the article, so quite how the tones were intercepted remains a mystery currently.

Secondly, it notes that "Police uncovered the scam almost by accident when they stopped Parsons for making an illegal u-turn in a car in London". This is, I guess, the way forward. Years ago, I used to read 2000AD, and I distinctly recall Judge Dredd, hard-nosed bastich that he is, pulling people over for.. well, anything - getting in his way, or whatever. A swift, centralised identification process meant that he could always justify his intervention with the phrase "everyone's guilty of something".

Judge Dredd, I believe, was always meant to be a satire on the US police force. As with good satire, it never fails to end up a prediction...

Thursday, November 23, 2006

Negotiating the Future of Data Surveillance

The Telegraph today has an article on the state of surveillance today. While perhaps lacking in deep philosophical insights, it does do a decent job of listing the multiplicity and ubiquity of ways in which we are not just tracked, but preserved throughout all our activities - for example, pictures and video of journeys being kept for 6 years.

Perhaps I've had a change of heart; perhaps merely trying to stick a foot in the ground and say "no" to data collection is the wrong way to get things to change. Progress sweeps all aside, it seems, and far better to influence what seems inevitable than to try to obstruct it.

Whether we live in a "police society" or not, we certainly have arrived at an information society, in which our daily lives are encapsulated as 0s and 1s. Considering the chances of getting some kind of bottom-up encryption/privacy scheme in place (a la "DRM for the citizen") are immensely slim, I think it's time we faced up to the realities of pervasive information.

"Pervasive" is an important word. Privacy isn't about obscurity, but about 2 other things. Firstly, it relates to the idea of some choice, or limitation of who knows what about us. We're happy to give information to supermarkets in exchange for "money off" (although I suspect that's an illusion). The problem comes when the information we think of as being safely in the hands of one organisation magically (via, oh, law, or simple agreement to co-operate with governments, etc.) lands in the lap of someone we didn't really think would have access to it.

Of course, that's not true of all information. Certainly, there is probably more information - usually that which isn't involved in private transactions and, as such, isn't "exchangeable" for discounts, etc - that we would prefer no-one to collect. Should people know how many times we each have sex, for instance? From a "social welfare" point of view, perhaps this could be an indicator for the health of a relationship - particularly important if we decide that children must be looked after by loving parents.

(Note that this is different to actively encouraging, or forcing certain behaviour - that would be "fascist" indeed. The act of monitoring is encouragement enough - passive, non-interventionist, yet still effective. One cannot even say that this is the behaviour of a "Nanny" state, as there is a distinction between "supervision" and "deterrent monitoring".)

So we need to start considering, in force, how better to work with government (and, to a lesser extent, businesses) over un'warranted' data exchange. The demand for more "efficient" services is real - whether in service processing, or in crime, etc. But at the moment, the citizen (or subject, if you like) is on the back foot, and the only dissenting voices are those which decry ever-increasing surveillance of information through government channels.

But maybe the future is compromise. A "deal". Something along the lines of.. "we, as citizens, need data exchange for this, and we don't mind you doing that so long as a) it's thoroughly accountable, and b) you really don't use data for that."

ID Cards are a good, multi-purpose example. We concentrate so much on the bad that arguments for the "good" use of data get crushed as well - but these good purposes are also mostly inevitable - this is the world we have.

The path, then, to having voluntary, controlled and accountable data-services (rather than the forced, and less transparent "hand-me-down" approaches currently being installed) is to negotiate, to enter into a deal-making situation.

Sure, the idea of "good" and "bad" is going to be subjective, and vary across individuals. But that's the nature of democracy. Debate, discourse, involvement - these are the things that we need to ensure that the ever-increasing mountain of data doesn't just slip into the hands of those at the top without question. In a way, being in the debate is more important than simply having a "moral" point of view. At the moment, we're not even in that debate.

Wednesday, November 22, 2006

Media-Consumer Feedback Loops

Posted a piece on Media-Consumer Feedback Loops over on my other blog, wondering about news and reality spiralling out of control (for, say, house prices and terrorism), but thought it might be a good idea to link to it from here too, as it deals with media and terrorism and stuff.

Who Needs Cards?

So we're being asked to give our fingerprints on the streets now, are we? Whoop-de-woo.

Mark Wallace's comments about the end, pointing to this basically being a trial, rather than merely a "voluntary" scheme, are correct. This is yet another of those small steps that add up to become a mountain.

I say that the term "civil liberties" is wrongly used in a case like this. The impression we get of civil liberties is of the person, of the individual, and their relationship to the powers that be. In my view, that doesn't go nearly far enough. Schemes like this need to be reconsidered - not at an individual level, but at a societal level. We need to re-address what we want society, not people, to be, and under increasingly "efficient" (and supposedly "necessary") mechanisms like this, we apparently want it to be bullshit.

I hereby discard "civil liberties" as a relatively useless, romantic politic under the current regime (perhaps it has more value in other cultures, which don't merely regard it as Hollywood optimism). And I hereby launch vitriol against the new idea of "Police Society" that, it must be said, we are loving every minute of in our fear-induced, cowled state.

Truly, the cult ("ure" omitted) of the UK has never been so weak and actively apathetic.

Monday, November 20, 2006

Poking the New Passports

Just picked up on an article in last Friday's Guardian that's worthy of a read: "Cracked it!" goes into some detail about an interesting "feature" of the encrypted channels that the RFID chips in the new UK passports use - namely, that the key needed to establish communications - and hence access the data on the chip - is made up of some standard details (passport no., date of birth, expiry date) which can easily be found if one has the passport.

There's the clincher, at the moment. The debate over security is centred around whether one has physical access to the passport or not. While the Home Office may be correct when it says that:
"the information sucked out of the chip is only the same as that which appears on the page, readable with the human eye. And to obtain the key in the first place, you would need to have access to the passport"

However, naivety is the bane of security applications - often, one small attack that seems non-consequential can be combined with various other "small" attacks to create something that is just as "consequential" as a "big" attack. Jigsaw pieces.

The question, therefore, becomes a matter of attitude. In other words, how does this naivety translate into ongoing, day-to-day authentication processes? To establish heavy cryptographic (effectively DRM) techniques is one thing. To assume that they can't be broken and to carry on as if they never will be is another. The article mentions the information available to, say, a postman - who knows a passport is for you, knows the name and address, and can get hold of birth dates relatively easily. (The profiling longed for by government ripples out into the commercial sector too, of course...) Brute-forcing the passport number may or may not be difficult.

There seem to be a fair few people working on the security (from both sides) of this machine, anyway. It'll be interesting to see how it goes, and whether or not "zero-day" exploits emerge from underneath our attitude.
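The "jigsaw pieces" point in this post can be put in numbers. The following is an added example, not taken from the Guardian article or the original post: it estimates how many bits an observer still has to guess when a channel key is derived from passport number, date of birth and expiry date. The field sizes, the 112-bit nominal key strength and the 14-day issue window are illustrative assumptions.

```python
"""Added example: entropy budget for a key derived from printed passport fields."""
import math

# Constructed, illustrative field sizes (assumptions, not taken from the article).
FIELD_SPACE = {
    "passport_no": 10 ** 9,      # assumed: 9 decimal digits
    "date_of_birth": 100 * 365,  # assumed: holder age range of 100 years
    "expiry_date": 10 * 365,     # assumed: 10-year validity window
}
NOMINAL_KEY_BITS = 112           # assumed nominal strength of the channel cipher


def remaining_bits(narrowed):
    """Return the bits an observer must still guess.

    `narrowed` maps a field name to the number of candidates left for it
    (1 means the field is known exactly). Unlisted fields keep their full space.
    """
    total = 0.0
    for field, full in FIELD_SPACE.items():
        candidates = narrowed.get(field, full)
        if not 1 <= candidates <= full:
            raise ValueError(f"{field}: candidates must be in 1..{full}")
        total += math.log2(candidates)
    return total


# Scenarios from the post: each "small" leak removes bits from the same key.
SCENARIOS = {
    "no prior knowledge": {},
    "knows date of birth": {"date_of_birth": 1},
    "postman: birth date, expiry within 14 days": {"date_of_birth": 1, "expiry_date": 14},
    "has the passport open": {"passport_no": 1, "date_of_birth": 1, "expiry_date": 1},
}


def report():
    """Return (scenario, bits left to guess, bits below nominal) rows."""
    rows = []
    for name, narrowed in SCENARIOS.items():
        left = remaining_bits(narrowed)
        rows.append((name, round(left, 1), round(NOMINAL_KEY_BITS - left, 1)))
    return rows


if __name__ == "__main__":
    for name, left, lost in report():
        print(f"{name:45s} {left:5.1f} bits to guess ({lost:5.1f} below nominal)")
```

Even with nothing known, the derived key carries far fewer bits than the nominal cipher strength under these assumptions, and each field an observer learns shrinks it further.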

Thursday, November 02, 2006


Annoyingly, I'm way too busy to read it right now. But for future reference, here's a link to Richard Thomas' report on the Surveillance Society. (Via BBC News.)

Back soon.