Any effort to rebuild TSA and get airport security right in the U.S. has to start with two basic principles:

First, the TSA’s mission is to prevent a catastrophic attack on the transportation system, not to ensure that every single passenger can avoid harm while traveling. Much of the friction in the system today results from rules that are direct responses to how we were attacked on 9/11. But it’s simply no longer the case that killing a few people on board a plane could lead to a hijacking. Never again will a terrorist be able to breach the cockpit simply with a box cutter or a knife. The cockpit doors have been reinforced, and passengers, flight crews and air marshals would intervene.

Second, the TSA’s job is to manage risk, not to enforce regulations. Terrorists are adaptive, and we need to be adaptive, too. Regulations are always playing catch-up, because terrorists design their plots around the loopholes.

The rest of the article makes for great weekend reading.

I like that Kip Hawley is so open and willing to talk about airport security issues. I enjoyed his extensive interview with Bruce Schneier back in 2007. I don’t always agree with him, but his opinion is worth reading. I’m looking forward to the book.

Not so long ago, there was a familiar product called software. It was sold in stores, in shrink-wrapped boxes. When you bought it, all that you gave away was your credit card number or a stack of bills.

Now there are “apps”—stylish, discrete chunks of software that live online or in your smartphone. To “buy” an app, all you have to do is click a button. Sometimes they cost a few dollars, but many apps are free, at least in monetary terms. You often pay in another way. Apps are gateways, and when you buy an app, there is a strong chance that you are supplying its developers with one of the most coveted commodities in today’s economy: personal data.

Essentially, the Wall Street Journal is saying that there’s no such thing as a free lunch. Those apps cost something: data. Is this as valuable as cash? Maybe. It’s certainly more of a risk for the companies that make the apps, but it could pay off big. Here’s one estimate from the article:

The “app economy,” which includes Facebook as well as smartphone apps, is estimated to have generated $20 billion in revenue in 2011 by selling downloads, advertising, “virtual goods” and other products, according to estimates from Rubinson Partners, a market researcher.

The WSJ article hits on a lot of big points, many of which are common themes in the security and privacy community. However, it also reminded me of a post from Marco Arment about TextMate 2. The creator of TextMate offered a free upgrade to TextMate 2 for the people who bought the first version. That was years ago. Marco wants to pay for TextMate 2 to ensure that its creator can continue to afford to work on the program.

Although paying for TextMate 2 may seem totally separate from the Facebook business model, there’s an important connection here:

By virtue of its size and user base of 800-million-plus people, Facebook is at the heart of the personal data economy. Popular apps can quickly go “viral” there and gain millions of users—but can also flame out just as quickly. This explains why some apps seek to cash in by gathering as much data as possible and hoping to find ways to make money from it.

Let’s say that someone creates a Facebook app that you really love, but maybe it just doesn’t go ‘viral’ or the creators aren’t able to turn all that data they have access to into cash. What option do you have to ensure that they will keep the app working? After the big influx of initial users, what other data could be collected to keep the app developers working on it?

Transcript.

You don’t have to think of yourself as a programmer to create some moderately complicated programs in Excel. Also, with modern computers available to us, cryptography is easier to play with than you might think. I hope we see more projects like this.

Solitude and Leadership is actually the text of a lecture at West Point in 2009 by William Deresiewicz. The moment that I knew this hooked me was when he started talking about distinction between solitude and introspection. It’s probably worth reading today and again in three weeks after you’ve had time to ponder it a bit. The essay is around 5,800 words and will take just under 20 minutes or so to read. Enjoy!

I was rather stunned since the last time I used a Microsoft operating system by choice was 1999. Still, I wanted to see where this went, so I asked them what I should do.

They wanted to start by verifying that I had the virus. This involved looking for warnings in some part of the control panel. I just agreed with the prompts the man on the other end of the phone gave me. I remain familiar enough to understand what sorts of screens he was walking me through, but since I’m not an active Windows user, I wasn’t able to learn much about their procedures here.

Eventually, they wanted me to visit www.teamviewer.com, which I will not link to here. This allowed me to determine that they were, as I suspected, scammers. You can read more about a previous version of the scam on Microsoft’s website.

At this point, I knew I wouldn’t be able to fake them out any more. I told them I wasn’t comfortable with the fact that they had my phone number, and I wanted to call them back to ensure that they were a legitimate operation. The man on the other end of the phone didn’t bat an eye at this. He immediately gave me a phone number, which I immediately Googled. The number he gave me was used in other scams previously.

I thought I would write about this experience for two reasons. First, it’s worth knowing that something like this particular scam could happen to less tech savvy folks. Second, this is a data point in a trend of phishing attacks becoming more personalized. I expect to see more attacks like this, not fewer.

I finished reading The Friar and The Cipher in less than a week, but it’s taken me quite some time to write the review of it. I was interested in the book because I love cryptography and everything on the dust jacket of the book indicated that it was roughly half about the Voynich manuscript. The Voynich manuscript is one of the most interesting puzzles in cryptography and linguistics. It’s a 240 page book written in the early 15th century, and its contents remain a complete mystery. The script is not latin, arabic, or any other recognizable alphabet, but the arrangement and frequency of the characters appear to have many of the same characteristics of natural languages. Deciphering it would almost certainly become a world-wide story regardless of what it actually says.

However, having read the book, saying that The Friar and The Cipher is about the Voynich manuscript feels extremely misleading. Most of the book is about Roger Bacon, whom the authors believe is the author of the Voynich manuscript, and the history of science and the Catholic church. Although the book is extremely readable, chapter after chapter about Roger Bacon, Thomas Acquinas, and the early debate between science and religion was not what I expected. Luckily, I find those topics interesting as well. In fact, I’ve read quite a bit about the debate regarding the interplay of science and religion. If I didn’t have that background, I would have felt rather cheated.

Frankly, this book didn’t satisfy my desire to learn more about the Voynich manuscript, and I would only recommend it as a book about the Voynich manuscript because of the dearth of material covering that mystery. Still, you might be better served by picking randomly from the further reading list on its Wikipedia page.

photo credit: Lawrence OP

The authors don’t present material as unbiased journalists; they emphatically present their opinions that Roger Bacon has yet to receive proper recognition for his work and that Bacon is the most likely author of the Voynich manuscript. As a result, the book reads as rather one-sided. They lay much of the blame for this on the Catholic church, which may be justified, but they also seem willing to take shots at Christianity in general. They take the position that science and religion are completely incompatible as if there weren’t even a debate about it. They also make broad statements about “the church” as if they are fact even though they directly contradict other authors without even mentioning the other interpretation. (For examples, read the Amazon reviews. I won’t repeat their examples here.)

Books that purport to explore a mystery should at least attempt to be unbiased. I wouldn’t recommend it to anyone who wasn’t already familiar with both cryptography and the debate between science and religion. If you don’t feel comfortable talking about those topics with knowledgeable folks, then you will find it hard to discern between fact and opinion while reading The Friar and The Cipher. Still, the book was not irredeemably bad. I did learn a little bit more about church history, and it’s sparked my interest in reading more unbiased accounts of that time period. Besides, it was a quick read. There probably aren’t that many people who would be interested in The Friar and The Cipher, but it’s interesting if you consider yourself to fit that category.

In The Plex focuses more on “how Google thinks and works” than on “how Google shapes our live.” To that end it is a better book about the business of technology than a book describing the impact of Google on our culture. I was a little surprised by this because The Perfect Thing is the best single description of the cultural impact of a piece of technology that I’ve ever read. However, Levy’s decision to focus on Google’s business impact probably gives the book more shelf-life (Yeah, I’m not apologizing for that pun.) since Google’s impact on our culture is still being played out. Google introduced many of the fundamental ideas about cloud computing to the average person, and society definitely hasn’t fully grasped the implications of “the cloud” in our society. Still, the early history of Google and their process for building and managing a technology company are well-documented in the book, and this will prove valuable for many years to come.

The book consists of seven parts, with a prologue and an epilogue. The first four parts are outstanding, classic Steven Levy work. Google’s unreal, rapid growth; its famous hiring practices; and its lavish employee benefits are all well-cataloged here. Levy does an amazing job conveying tons of information in an extremely short space here. I enjoyed Levy’s choice to organize this material topically as opposed to chronologically. So many things were happening so quickly with Google, that describing them in the order they happened would have utterly overwhelmed the reader.

The last three parts of the book are where he starts to lose me. Levy sort of gives Google a bit of a pass on some rather important mistakes that they’ve made. Part Five covers everything from YouTube and Android to all the random other things that Google does, but it feels slanted towards “successes” rather than mistakes, which are briefly described in the epilogue. Part Six covers Google’s ventures in China, but it also feels a bit pro-Google. What part of “Don’t be Evil” includes actively supporting the Chinese government? Part Seven focuses on the impact Google has had on the government and the various lawsuits that have become major national news (e.g. Book Search). These also seem rather slanted to me. For example, many of the Googlers who went to work for the White House or other branches of the government complained that they weren’t able to work at Google speed while they were there. This implies that Google is somehow impressively fast, when the reality is that a cadre of Molasses manufacturing executives could switch to government work and discover whole new levels of sluggish bureaucracy.

Those last three parts weren’t so much inaccurately puffing up the accomplishments of Google as much as they were simply not quite telling the whole story. Levy minimizes many of the “negatives.” Google’s Buzz snafu was relegated to a couple of pages in the epilogue. Google’s WiFi data collection as a part of their street view project is similarly lacking in coverage. Levy should have investigated these incidents thoroughly. How does a company as important at Google make mistakes like these? A book with the subtitle “how Google thinks, works, and shapes our lives” should provide more detailed answers.

The only pro-Google aspect of the last three parts that was missing or incomplete was the China hacking incident. Although this was covered from the Google perspective, it was a major incident for other technology companies and more importantly for the U.S. Government. The incident forces several questions implied by the information technology revolution like: How should we respond to international hacking incidents? What is the role of the U.S. Government in protecting companies that have been hacked by foreign governments? And what is the legal process for adjudicating international hacking incidents? These are critical questions that were first brought to the national conversation by the Google hacking incident. We don’t have answers to them, but they aren’t even adequately described as important in the book.

Steven Levy is one of my favorite technical authors, and I’ve read many of his books. I just recently finished Insanely Great, and I previously read both Crypto and The Perfect Thing. If I were ranking them, I would probably have to place this book at the end of that list, which is more to say that his other books were fantastic and this one was merely good.

One of the main problems with the current PKI model is the lack of control over CAs and their subsidiaries. There are literally hundreds of organizations spread around the world that are allowed to issue certificates for any domain name and some of them are operated by governments that practice Internet surveillance and censorship.

Worth reading.

Miller, a former NSA analyst who now works as a researcher with consultancy Accuvant, created a proof-of-concept app called Instastock to show the vulnerability. The simple program appears to merely list stock tickers, but also communicates with a server in Miller’s house in St. Louis, pulling down and executing whatever new commands he wants. In the video above, he demonstrates it reading an iPhone’s files and making the phone vibrate. Miller applied for Instastock’s inclusion in the App Store and Apple approved the booby-trapped app.

The rest of that article includes more details on the code signing flaw Miller exploited, but I want to focus on a slightly different aspect of this story: responsible disclosure. Essentially, in responsible disclosure, when a researcher discovers a flaw in proprietary software, they immediately report it to the company responsible and setup a reasonable timeframe for fixing the problem before publicly disclosing the flaw.

Miller first contacted Apple about this problem on October 14th. I’m not sure that three weeks is really enough time to resolve a problem like this. I know he didn’t give all the details, and I know Apple has a reputation for not fixing security bugs until they become public (or perhaps well after they have been public for months…). Still, Miller would have a lot more sympathy with me if he reported the problem to Apple privately and gave them time to resolve the error. Another thing that would have made me a little more sympathetic is if he and Apple had agreed to a timeframe on resolving this problem prior to disclosing the flaw, though I’m not sure Apple would ever agree to something like that. Publicly acknowledging flaws of this nature isn’t really in their DNA.

Despite the flaw in Apple’s code signing, they have been able to respond by removing the exploited app from their app store and canceling Miller’s developer license. (Note: There’s some hypocrisy on Apple’s part here since canceling a developer license is a bit different from their treatment of other iOS security researchers.) Is this good enough for security? Everything in security is a tradeoff, so where does this response fall? It annoys me that there’s a bug in Apple’s code signing, but maybe the setup of the iOS App Store is enough of a response.

The original article points out that a similar issue in Android has resulted in a spate of malware for that platform. I’m not sure a similar thing will happen with iOS. Sure, Apple won’t be able to detect these apps in their review process, but they can always just remove them from the store after they’ve been found in the wild. I would probably prefer to see the code signing exception resolved, but I’m not sure what the tradeoffs really are. It’s hard to make security decisions that way.

Lastly, I should mention that this story is rather one-sided as of now. I haven’t seen anything from Apple about all of this yet. If you’ve seen something from Apple, please leave a comment.

Entitlements are a binary solution – if there’s a hole anywhere in it that malware authors find, then there’s really not much Apple can do until they issue a full operating system patch. We call this kind of solution “brittle” – it requires everything to have been written perfectly, for every contingency, or it fails completely.

Solving security problems proactively is extremely challenging. If there’s a single hole, then all your effort is for nothing. A quick, appropriate reactive response is often the best tradeoff for security. Here’s Wil again:

Code auditing and sandboxing are non-biomimicry – nature doesn’t try to audit every line of code, she tries to fail gracefully. Certificates alone offer a graceful failover – if a developer signs up with Apple and provides false info and manages to trick people into downloading her malware, well, we can just throw a switch and she’s done.

Security shouldn’t be all-proactive, but neither should it be all-reactive. Some proactive measures are worth the tradeoff. The fact that Apple performs a baseline examination of applications sold through their Mac App Store does eliminate obvious security problems, but such an approach is never going to catch every single security problem. For that, the best solution will be reactive, and an application white list enforced with certificates is a reasonable approach.

Corporate privacy concerns are more nuanced than government privacy concerns. You can argue that people can just switch to a competitor, as Schmidt does, but how practical is that? Some companies do quite a bit to lock you in. You can argue about creepy advertising, but there’s a real tradeoff there. Some people like seeing relevant ads in certain contexts.

Government privacy concerns are pretty straightforward. They have the guns, so to speak. Even massive corporations like Google cannot prevent the government from accessing your information if the law allows it. Given the state of data privacy laws in the U.S., this is a pretty serious problem for almost every application that uses cloud computing.

Because there are so many stories about how bad Flash is from a security standpoint, I haven’t really spent much time linking to them. However, Steve Bellovin, a computer security pioneer and a Professor of Computer Science at Columbia, wrote a fantastic post about the security problems caused by Flash:

From a technical perspective, it’s simply wrong for a design to outsource a critical access control decision to a third party. My computer should decide what sites can turn on my camera and microphone, not one of Adobe’s servers.

Definitely read the whole thing. Bellovin ends his post with this:

No wonder the NSA’s Mac OS X Security Configuration guide says to disable the camera and microphone functions, by physically removing the devices if necessary.

I’m not sure what role the operating system should play here, but it’s fascinating to think about. How should things like the camera and microphone be controlled? Webcams are clearly an important area for privacy.

Lastly, Bellovin’s post is based on research done by Feross Aboukhadijeh at Stanford, which is worth reading if only because it is a pretty compelling case of responsible disclosure.

We are generally satisfied with the privacy design of Silk, and happy that the end user has control over whether to use cloud acceleration. But this new technology highlights the need for better online privacy protections. As companies continue to innovate in ways that make novel uses of–and expose much more personal data to–the internet cloud, it’s critical that the legal protections for that data keep up with changes technology.

Read their whole article. It breaks down the primary privacy concerns and how Amazon Silk actually handles those situations. If you don’t regularly follow the EFF, they aren’t super easy to please when it comes to protecting users’ privacy, so this is a reasonably strong endorsement.

Given the physical requirements and inherent importance of an exit row seat, I would feel more comfortable if I knew the person sitting there could at least do a pushup and not just be collecting a reward for being a repeat customer.

These are the kind of systematic disconnects that just crack me up.

Flight attendants tell us to turn off all electronic devices under the guise they could interfere with the plane’s navigation system, meaning that if the terrorists really wanted to cause some damage, all they had to do was read their Kindle during takeoff.

Granderson sort of implies that we should at least attempt to enjoy the absurdity as the amusement that it is. I don’t agree. Waste and inconvenience on this scale isn’t amusing. Security is a tradeoff, and I don’t think we’re making the right decisions. The risk of being the victim of a terrorist on an airplane is ridiculously low.

There are reasons we’re not making rational decisions about airport security, and most of them are probably best explained by the fact that we’re all human. Humans just don’t make rational decisions about some types of risk. Dan Ariely has basically made his entire career about irrational decisions people make. Bruce Schneier’s next book is going to focus on how people make decisions involving trust.

Still, we don’t really understand why people do are so poor at making these decisions. Worse, we don’t know how to improve this sort of decision making. The absurdity of airport security isn’t amusing; the root causes of this problem are probably one of the most important research topics for the next few decades.

Steve Jobs died this week, and my interest in the book changed. I’m not sure when I started it, but it must have been sometime Thursday evening. I finished it this past Saturday.

The book is a wonderful combination of both its title and its subtitle. The title comes from Steve Jobs’s desire to one-up the development of the Apple Lisa, which was just a ‘great’ computer. Steve wanted the Macintosh to be ‘insanely great’ and much of the book focuses on Steve Jobs’s influence on the development of computers at Apple. The subtitle of the book is “The Life and Times of the Macintosh, the Computer That Changed Everything,” and the remainder of the book focuses on illuminating just how important the Macintosh was to computing.

The ‘title’ part of this book is easier to believe than the ‘subtitle’ part. Steve Jobs clearly had a profound influence on the development of the Macintosh. Many of the quotes from those who were interviewed for the book point to Jobs as the largest individual influence on the development of the Macintosh. It’s worth noting that this book was originally published in 1994, prior to Steve Jobs’s return to Apple as CEO. Thus, it wasn’t possible for Levy to be influenced by Jobs’s success in turning Apple around.

It’s difficult to evaluate the ‘subtitle’ part of the book because history doesn’t always allow us to identify exactly why something happened. It’s certainly true that everything changed, but it’s not certain that the Macintosh was the reason for that change. If the Macintosh had never been developed, the desktop metaphor and the mouse could still have become the dominant paradigm for computing. The Macintosh was the first commercially-available personal computer that used these devices, and it also demonstrated them to be successful.

Unfortunately, there’s no way to prove that these concepts would have failed without the Macintosh to popularize them. As Insanely Great mentions, both of the desktop metaphor and the mouse were originally developed elsewhere in the computing industry. Obviously, these concepts were a big part of the success of personal computers. Historians are simply left to assign credit where credit is due. Levy clearly places the lion’s share of that credit on the Macintosh.

Levy includes quite a bit of material from his numerous interviews with many of the people who were involved with the development of the Macintosh. These are quite fascinating, and they definitely provide some insight into the thought process that went into the creation of the Mac.

Levy also includes some of his own personal observations of computing. In fact, the last official chapter of the book details some of his own problems using a Macintosh to write the book itself. These anecdotes range from interesting insights to rather bland, subjective commentary. I sort of wished that Levy kept the focus on the Mac and the people who developed it. Still, if an author is going to provide an opinion, I would prefer that they do so directly rather than try to embed it into the rest of the story.

Overall, I would recommend Insanely Great to anyone interested in the early history of the personal computer. Although, I thought Crypto was definitively better and The Perfect Thing was somewhat better, Insanely Great is still a extremely well-written, easy to read, and enjoyable. Lastly, for anyone else waiting for Walter Isaacson’s Steve Jobs, this is a quick read that may alleviate some of the wait.

The Tipping Point is a book that investigates the causes of radical change. Gladwell is interested in the rapid, dramatic change that is exhibited by epidemics, and he uses the science of epidemiology to interpret what he calls a social epidemic. The Wikipedia article on the book breaks down how an understanding of epidemiology can be applied to social concepts so well that I’m not going to rehash these concepts here. Instead, I’ll just urge you to go there and read the article.

Gladwell’s books have been successful in no small part due to the fascinating examples and stories packed within them, and The Tipping Point is no exception. In fact, one concern I had with Outliers was that the stories were so compelling that they covered up the fact that his overall theme wasn’t particularly well-defined. This doesn’t show nearly as much in The Tipping Point, which probably is the best of any of his books at combining a clear central thesis with compelling examples and illustrations.

My major concern with The Tipping Point is that it introduces the social epidemic as if were science on par with actual epidemiology. It’s not. The Tipping Point was not a peer-reviewed book, and matching a pattern to previously gathered data sets isn’t exactly the scientific method. Establishing a causal relationship is more difficult than that.

This lack of scientific rigor doesn’t mean that the book isn’t entertaining or compelling. It also doesn’t mean that the book won’t make you think a little differently about the world. All it means is that Gladwell’s conception of The Tipping Point hasn’t gone through the rigors of scientific validation. (If you’re interested in some examples of the problems this causes, then I would again refer you to Wikipedia.)

All in all, the book was entertaining, and I would recommend it. However, I wouldn’t treat it as if it were anything other than compelling journalism mixed with masterful storytelling. In fact, it makes me want to re-read Blink. It may suffer from some of the same problems, and I didn’t seem to mention them in my review of it.

I learned to program when I was in the first grade using an Apple IIe. I’m currently writing my doctoral dissertation on computer science using a MacBook Pro. I’m not sure what I will do after I graduate, but I can’t help but think that whatever I go on to do wouldn’t have been possible without Steve Jobs.

Thanks Steve.

Any time you have an unplanned outage for your site, you might as well re-think what you really want to do with the site. However, I don’t really have time to do that right now, so things will probably continue mostly as they are now for the forseeable future. Currently, I write for and maintain several websites. You can read about them if you wish.

However, there is one small change that I would like to announce. As most of you know, I’m an avid reader. I read books, academic papers, news, and all sorts of other things. However, one of my favorite things to read over the last couple of years has been a great essay. I’m not entirely sure why, but I have a few theories I won’t bore you with.

Because of my growing appreciation for essays, I’ve thought about linking to some of the great essays for a long time. I’m not thinking about it any longer; I’m going to start linking to some of them in this category. Now, there are several sites out there that exist solely to aggregate longer form, essay-style writing. I won’t pass along nearly that volume of essays, so if you find that yourself loving the art of the essay, you should investigate those sites.

Today I would like to pass along an essay I read this past summer. It’s by Paul Ford and it’s titled “The Age of Mechanical Reproduction.” It’s an extremely well-written essay about Ford’s personal experience with in-vitro fertilization, and definitely worth reading. I’m passing it along today because I’ve learned (through Daring Fireball) that there’s a short post-script on his personal site. Don’t read the post-script first. There are spoilers there that could ruin the essay for you. Enjoy!

Admission by Jean Hanff Korelitz is about a Princeton University admissions officer named Portia Nathan. She begins the novel with complete faith that her role as an admissions office is critical to the success and prestige of Princeton University. Her work is demanding, perhaps brutally so, but she is clearly passionate about it. She also begins the novel in an idealized domestic relationship with a Princeton English professor, but it becomes clear early in the book that they have lost whatever passion they may have had for each other.

Portia’s romances are the main plot of the book, but they are a bit ham-fisted and read more like a soap opera than, well, some soap operas. In fact, the product description for the book uses the following phrase to describe it:

Admissions. Admission. Aren’t there two sides to the word? And two opposing sides…It’s what we let in, but it’s also what we let out.

Pretty cheesy, right? Ask anyone who knows me and you’ll find that I’m a big fan of puns, but this kind of wordplay fails to interest even me. Portia has a secret that gets “let out” over the course of the book, but I don’t have to tell you about it because it will be rather easy to guess once you start reading the book. The characters are interesting and the scenes are engaging, but the plot just doesn’t work when viewed holistically. It reads like the novel equivalent of taking a great commercial series and turning it into a complete television show.

Despite the somewhat clumsy love story, Admission does have an extremely engaging sub-plot surrounding the admissions process itself. Obviously, I am heavily biased as to whether or not this sub-plot is truly “engaging.” I’m a PhD Candidate in Computer Science at NCSU, and I’ve spent quite a lot of my life in some part of academia or another. It isn’t hard to convince me about the importance of education, and I’ve always been fascinated with attempts to measure learning, achievement, or accomplishment. Still, any one of the millions of people who have applied to college tacitly understands the idiosyncrasies, inaccuracies, and theater of this process. Although some reviews might say that the book “includes too many wooden monologues explaining in detail how [the admissions] process works,” I don’t think I’m alone in my interest for this part of the book.

Anyone who has applied to college (or has a child planning to do so) has almost certainly wondered about the admissions officers. Will someone actually read this? What are they really looking for? What will they think about my transcript, that award I won, or my extra-curricular activities? What will they think about me? For the somewhat introspective among us, applying to college can be even more brutal than the process Portia goes through to make her decisions in the book. Clichés are never more true for anyone than they are for high school senior applying to college. They are full of potential. They have their whole lives in front of them. They can be anything they want to be. Their future rests on what happens to that application.

College applicants are subject to the ultimate “fear of missing out” because of the ponderous implications of the admissions decision. The fear of missing out (FOMO, for short) has recently been described as “a crucial key to understanding social software” because:

Social media has made us even more aware of the things we are missing out on. You’re home alone, but watching your friends status updates tell of a great party happening somewhere. You are aware of more parties than ever before. And, like gym memberships, adding Bergman movies to your Netflix queue and piling up unread copies of the New Yorker, watching these feeds gives you a sense that you’re participating, not missing out, even when you are.

FOMO is also crucial to understanding college admissions for basically the same reasons. What college graduate hasn’t wondered whether or not their life would have been “better” if only they went to a “better” college? Applicants fear missing out on some unknowable future. Admissions officers fear missing out on potential future prestige for their university if they aren’t able to accurately identify the best students. Admission explores FOMO from both sides throughout the book. Each chapter of the book begins with an admissions essay excerpt from one of the students that Portia is reviewing. The essays are humorous, serious, deep, and emotional. They may be the best part of the book because they so palpably convey the fear (and vulnerability) inherent on both sides of the process. I often found myself starting a new chapter simply because I wanted to read the lead-in essay.

Unfortunately, much like the love story, the admissions process subplot has a somewhat predictable climax involving Portia’s decision on a particular application. It’s not as inevitable as the ending for the love story, but Portia’s character seems to telegraph her decision a bit. Regardless, it’s a fascinating problem, and I’m not sure what I would have done in her position.

Despite my concerns with the plot, I would recommend this novel to anyone interested in exploring college admissions or anyone interested in exploring the broader impact of important decisions on young adults. The book has been out long enough that you should be able to find a used copy online without having to shell out much cash. It’s a fun, quick read, but I wouldn’t recommend buying a new copy.

Last month, I testified before the House Ways and Means Social Security Subcommittee hearing on the Social Security Administration’s Role in Verifying Employment Eligibility. My testimony focused on the E-Verify pilot system, and the operational challenges the system faces. According to the U.S. Citizenship and Immigration Services website, E-Verify “is an Internet-based system that allows businesses to determine the eligibility of their employees to work in the United States.” The goal of E-Verify – to ensure that only authorized employees can be employed in the U.S. – is laudable. However, the E-Verify pilot system is still in need of major improvements before it should be promoted to a permanent larger-scaled system.

Read the rest on the CDT blog.

WASHINGTON – April 14, 2011 – At a Congressional hearing today on the Social Security Administration’s role in verifying employment eligibility, Ana I. Antón testified on behalf of the U.S. Public Policy Council of the Association for Computing Machinery (USACM) that the automated pilot system for verifying employment eligibility faces high-stakes challenges to its ability to manage identity and authentication. She said the system, known as E-Verify, which is under review for its use as the single most important factor in determining whether a person can be gainfully employed in the U.S., does not adequately assure the accuracy of identifying and authenticating individuals and employers authorized to use it. Dr. Antón, an advisor to the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and vice-chair of USACM, also proposed policies that provide alternative approaches to managing identity security, accuracy and scalability.

More information about the hearing, including testimony from other witnesses, is made available by the Subcommittee here, and Dr. Antón’s written testimony is available from the USACM here (PDF).

Dr. Antón previously testified before the House Ways and Means Social Security Subcommittee during the summer of 2007 about the security and privacy of Social Security Numbers.

Abstract:

In 2002, we established a baseline for Internet users’ online privacy values. Through a survey we found that information transfer, notice/awareness, and information storage were the top online privacy concerns of Internet users. Since this survey there have been many privacy-related events, including changes in online trends and the creation of laws, prompting us to rerun the survey in 2008 to examine how these events may have affected Internet users’ online privacy concerns. In this paper, we discuss the 2008 survey, which revealed that U.S. Internet users top three privacy concerns have not changed since 2002; however, their level of concern within these categories may have been influenced by these privacy-related events. In addition, we examine differences in privacy concerns between U.S. and international respondents.

Last year, Governor Easley proclaimed January 28th as Data Privacy Day for the state of North Carolina. This year, he proclaimed January Data Privacy Month. North Carolina, Washington, California, Oregon, Massachusetts, and Arizona have also declared January 28th to be state-wide Data Privacy Day. Last but certainly not least, Congressman David Price and Congressman Cliff Stearns introduced House Resolution 31 which was passed on January 26th with a vote of 402 to 0 to make today National Data Privacy Day in the United States. It is truly outstanding to see such strong support in the form of resolutions and proclamations.

The best way to support or celebrate Data Privacy Day is to take action. Since the goal of Data Privacy Day is to promote awareness and education about data privacy, one easy way to act is to check out all the great educational resources made available in conjunction with Data Privacy Day. For example, Google has posted about what it has done to protect privacy and increase awareness of privacy. Microsoft is holding an event tonight and has more information on data privacy on their website.

Here at The Privacy Place, we were once again pleased to have the opportunity to celebrate Data Privacy Day at Duke University by attending the panel discussion on Protecting National Security and Privacy. The panel discussion was extremely well-attended and well-received. This event had a number of sponsors, including Intel who has a fantastic website with extensive information on Data Privacy Day. If you weren’t able to make it to the panel, I would strongly encourage you to check out Intel’s site.

Lastly, Data Privacy Day is all about awareness and education, so be sure to spread the word!

[Update: Fixed the link to the House Resolution that passed on Monday.]

In it, Dr. Gary McGraw, the host of the series, interviews Dr. Laurie Williams, an Associate Professor of Computer Science at North Carolina State University. They discuss the work the Software Engineering Realsearch Group is doing in software security, testing, and agile development. In my humble and admittedly biased opinion, Dr. Williams is an excellent teacher and the podcast is absolutely worth checking out.

In a previous episode, Dr. Annie Antón, a Professor of Computer Science at North Carolina State University and the Director of The Privacy Place, was also interviewed by Dr. McGraw. They discussed the our work here at The Privacy Place including research on privacy policies, the role of regulations in computer privacy and security, and the relationship between privacy and security. Of course, my opinion as to this podcast is even more biased, but I would still encourage you to check it out.

Previous podcasts have included interviews with luminaries such as Ed Felten, Bruce Schneier, Dorothy Denning, Eugene Spafford, Adam Shostack, and Matt Bishop. I am tempted to simply list all the interviewees because each episode is fantastic, but I’ll leave the rest as a teaser. If you were so inclined, you could even follow their RSS or iTunes feed as a New Year’s resolution.

Let’s start with some background on the ECPA.  The ECPA was passed in 1986 as an amendment to the Wiretap Act of 1968 and primarily deals with electronic surveillance.  The purpose of the Wiretap Act was to make it illegal for any person to intercept oral communications like telephone calls.  The first title of the ECPA extends the original Wiretap Act to prevent the interception of electronic communications.  The second title of the ECPA (commonly called the Stored Communications Act) adds protection for stored communications and prevents people from intentionally accessing stored electronic communications without authorization.  The ECPA has been amended three times since it was passed.  First, it was amended by the Communications Assistance to Law Enforcement Act (CALEA) in 1994.  Second, it was amended by the USA PATRIOT Act in 2001.  Third, it was amended by the USA PATRIOT Act reauthorization acts in 2006.

Now, Yasnoff makes several claims in his post, which I will discuss in order.  First, he claims that there are no exceptions in the ECPA and that this means whichever organization holds your information must get your permission to release it.  This is categorically not true.  There are many exceptions in the ECPA, but for the sake of simplicity, I will limit this discussion to the two main exceptions of the original Wiretap Act, both of which were retained by the ECPA.

The first exception allows interception when one of the parties has given prior consent.  This could mean that the government can legally access your communications if your PHR service provider consents prior to the communication.  Thus, Yasnoff’s strong statement that PHRs “MUST GET YOUR PERMISSION” (emphasis from original statement) is simply incorrect.

The second exception allows interceptions if they are done in the ordinary course of business.  This could mean that your data would be accessible by third parties such as an information technology vendor that maintains the software.  Effectively, this is a somewhat broader exception than the exception found in HIPAA for Treatment, Payment, and Operations, which Yasnoff found to be wholly unacceptable for protecting patient privacy.

Second, Yasnoff claims that the ECPA “is not long or complicated – I urge you to read it yourself if you have any doubts.”  This statement as well is categorically untrue.  Paul Ohm, who was previously an attorney for the Department of Justice and is currently an Associate Professor of Law at the University of Colorado Law School, has publicly challenged Tax Law experts that the ECPA is more complicated than the U.S. Tax Code.

Bruce Boyden, an Assistant Professor of Law at the Marquette University Law School, wrote a chapter in Proskauer on Privacy discussing electronic communications and the ECPA. In it he details many of the nuanced aspects of the ECPA, including the three subsequent amendments to the ECPA. With regard to the first title (Interception) he says:

To “intercept” a communication means, under the act, “the aural or other acquisition of the contents of any wire, electronic, or oral communications through the use of any electronic, mechanical, or other device.” The application of this definition to electronic communications has at times been particularly difficult, and courts have struggled with a number of questions: What exactly qualifies as the acquisition of the contents of a communication, and how is it different from obtaining a communication while in electronic storage under the Stored Communications Act? Does using deception to pose as someone else constitute and interception? Does using a person’s own device to see messages intended for them qualify?

Boyden later talks about limitations to the second title (Stored Communications):

[T]here are two key limitations in section 2701 [of the ECPA].  First, it does not apply to access of any stored communication, but only those communications stored on an electronic communications service facility as defined under the act.  Second, the definition of “electronic storage” in the act does not encompass all stored communications, but only those in “temporary, intermediate storage” by the electronic communication service or those stored for backup protection.

These seem like rather important exceptions which continue to refute Yasnoff’s claim that there are no exceptions in the ECPA, but to his second point, this seems pretty complicated.  At least, it certainly doesn’t seem as simple as just finding some information that has been communicated to and stored by a PHR service provider, which was Yasnoff’s implication.

Boyden has also discussed whether automated computer access to communications is a violation of the ECPA.  The discussion is more complicated than it may appear at first and there’s an interesting discussion of it over on Concurring Opinions.

Broadly, several organizations feel that current US privacy law, including the ECPA, is discombobulated. The Electronic Frontier Foundation believes that fixing the ECPA is one of the top five priorities in their privacy agenda for the new administration. The Center for Democracy and Technology would like to see the new administration pass consumer privacy legislation and a “comprehensive privacy and security framework for electronic personal health information.” The ACLU would like to see the new administration “harmonize privacy rules.” I submit that these organizations do not feel that the ECPA provides clear and adequate privacy protections for PHR systems.

Yasnoff’s third claim is that PHRs which are “publicly available” receive stronger protections under the ECPA than those that are “private.”  In fact, Yasnoff says:

Only those that are “publicly-available” are included. While this clearly would apply to generally available web-based PHRs, systems provided only to specific individuals by employers, insurers, and even healthcare providers are less likely to be considered “publicly-available.” Therefore, ECPA protection is limited. So you are only covered if you use a PHR that is available to anyone.

This statement is either completely backwards as it relates to the ECPA or, perhaps more likely, not a factor for ECPA protection at all.  The EFF’s Internet Law Treatise has an article describing the differences in public communications versus private communications:

“[T]he legislative history of the ECPA suggests that Congress wanted to protect electronic communications that are configured to be private, such as email and private electronic bulletin boards,” as opposed to publicly-accessible communications. See Konop, 302 F.3d at 875, citing S. Rep. No. 99-541, at 35-36, reprinted in 1986 U.S.C.C.A.N. 3555, 3599.

Thus, the public accessibility of the PHR service is not important. The pressing concern is whether the communication itself was meant to be public or private. If it was public, then the ECPA simple doesn’t apply. It if was private, then whatever protections the ECPA does afford, would apply.

By now it must be clear that I disagree with William Yasnoff’s assessment of the ECPA’s application to PHRs.  I did, however, want to point out one interesting privacy protection that the ECPA offers which HIPAA does not: a private right of action. 

Basically, a private right of action allows citizens to file civil lawsuits in an attempt to recover losses caused by violations of a law.  The ECPA has a private right of action clause, while the HIPAA does not.  HIPAA’s lack of a private right of action has caused some criticism.  On the other hand, the ECPA’s private right of action has also been criticized as unnecessary and wasteful.  Perhaps it is a stretch, but this was the only possible improvement in privacy protection that I was able to find to support Yasnoff’s argument regarding the use of the ECPA to provide privacy protections for PHRs.

I would like to conclude by saying as directly as possible that the ECPA does NOT provide clear or adequate privacy protection for personal health information given to PHR systems. Privacy in general and healthcare privacy in particular are hotly debated current concerns for many organizations. I believe it is likely that the Obama administration and the next session of Congress will attempt to address the privacy concerns raised by organizations like the EFF, the CDT, and the ACLU. In the meantime, however, do not use a PHR service under the assumption that the ECPA protects the privacy of your medical records.

Thank you for your interest! Please check back in a few months to see the survey results.

Previous survey results can be found in the following publications:

Earp, J.B.; Antón, A.I.; Aiman-Smith, L.; Stufflebeam, W.H., “Examining Internet privacy policies within the context of user privacy values,” IEEE Transactions on Engineering Management, vol.52, no.2, pp. 227-237, May 2005

Carlos Jensen, Colin Potts, Christian Jensen, “Privacy practices of internet users: Self-reports versus observed behavior,” International Journal of Human-Computer Studies, vol. 63, no. 1-2, pp. 203–227, 2005.

Vail, M. W.; Earp, J. B.; Antón, A. I., “An Empirical Study of Consumer Perceptions and Comprehension of Web Site Privacy Policies,” IEEE Transactions on Engineering Management, vol.55, no.3, pp.442-454, Aug. 2008

Incognito is a user-visible feature that enables a private browsing mode. Private browsing is a relatively simple concept with tangible benefits to privacy. Under normal operation, a browser will store information about a user’s browsing history. Stored information could include sites visited, data downloaded, searches conducted, or even personal information entered. Under private browsing mode, that same browser simply doesn’t store this type of information. Essentially, a browser has no memory of what users do when private browsing is enabled.

Although private browsing is conceptually simple, it is not easy to implement because everything the browser does is affected by private browsing. Apple’s Safari browser has had a private browsing mode since version 2.0 (April 2005). Currently in version 3.1.2, Safari still is the only major browser to have a built-in private browsing mode. However, Safari’s private browsing mode isn’t perfect.

Private browsing was a planned feature for Firefox 3.0, but was dropped before the release because the developers “didn’t want to put something in that was half baked.” The Mozilla Wiki describes the current state of this feature and provides a link to a Firefox plugin called Stealther, which provides some private browsing features.

Microsoft has announced that they will include a private browsing feature, called InPrivate, in their next version of Internet Explorer. Microsoft’s effort seems to be even more ambitious than simply not storing data locally. For example, a Microsoft blog post describes a feature, called InPrivate Blocking, that would add the ability to block browsing information that would normally flow to third party sites.

Clearly, private browsing mode is not a trivial engineering task, but Chrome has some fundamental advantages over the “big three” that may simply make real private browsing easier to implement and maintain. Since Chrome will have Incognito on its first release there is less code that needs to be re-engineered to respect a private browsing mode. Also, Chrome uses a separate process for each tab, whereas a traditional browser only has a single process for all of its tabs. Multiple processes make it easier to sandbox tabs. As a result of these strict separations, it could be possible that Chrome would allow individual tabs to go “Incognito” while others act normally.

It is difficult to predict what sort of impact Chrome will have on the browser market, web application development, or Internet privacy, but if Chrome will have any impact, then it must compete with the “big three.” They are big for a reason, and a comic book isn’t going to solve that problem.

[ Update: Google has officially released Chrome at the following URL: http://www.google.com/chrome ]

VentureBeat author David P. Hamilton has been covering HealthVault. He began with an attempt to review HealthVault that ended in frustration attempting to register a password. His next post was a review of HealthVault itself. Recently he posted his thoughts regarding our coverage of HealthVault.

Our comments also received some attention from Dana Blankenhorn at ZDNet. Robin Harris, another ZDNet author, believes that HealthVault is a sick joke. ZDNet also has some screenshots of HealthVault in action for those who may not have the time to play around with the site themselves. ZDNet also has a news article about Microsoft’s efforts to get health records online.

All of the articles are well worth reading if you are concerned about the privacy implications of electronic health records.