Chaos Program

The big tech story of the week is the one about Google making people mad with it’s new “Buzz” service. The most interesting aspect of this story is that everyone seems to have gotten it wrong.

Here’s the short version of the story: Google has some new social media application that makes all your email contacts into “friends” in the social networking sense and a lot of people objected to that, claiming that email contacts should be kept private, not advertised to the world as a friends list. This is stupid on so many levels – Google, their users, all the “analysts” – it’s hard to know where to start. So I’ll start at the beginning as far as I knew it.

The other morning, as I do most mornings, I brought up my gmail account and glanced to see if there was anything new. There was some kind of banner or thing about something called “Buzz.” I immediately thought “Hmm. Could this be a whack at Yahoo’s boring Buzz bookmarking service?” But no. I saw that my boss had already been there and made a comment. I also saw that to reply to his comment I had to create a “profile” that would make all of my email contacts into friends who I could then get Buzzy with, or some such thing.

I decided not to create the profile because I don’t use my gmail account for general email purposes. I have a yahoo account for that. My gmail account is mostly for poetry and other writing. I use it to communicate with the members of the Science Fiction Poetry Association, a lot of editors and a few close friends and family. It’s the kind of account – intentionally – receives the kind of joke emails that people forward all the time. In other words, while it’s a public address, I tend to use it for more private purposes.

Weirdly, Buzz shows that I have 6 followers, including 4 who do not have public profiles – which I also do not have. How do you follow someone who does not have a profile to follow? And if you don’t have a profile, how is it possible to follow someone else without a profile? What the hell is going on here? read more »

A little while ago I saw a TV commercial that offered to pay people to make themselves targets for identity theft.

Oh, that wasn’t the intention. It was more a side effect of the campaign, which offered to pay people for referring friends to use the service. The part that made me start thinking about ID theft was the line that advised that, in order for you and your friend both to receive the cash the program offers, your friend must use your account number to sign up.

Have you seen the one? Sounds enticing, doesn’t it? It’s like free money!

Just as long as you trust your friends with access to your account. I have nightmares (well, not really, but play along with me on this) of greedy people putting their account number on a business card, or in an ad on Craig’s List, to get others to help them cash in on this program. So what if a complete stranger then hijacks their account? In a way, anyone that stupid deserves what happens to them.

I have an even worse nightmare that the company that ran the ad would say that their security is too good for someone to misuse an account just by knowing the account number. They have to also know something else, like a social security number! (For those folks who came in in the middle, SS number should never be used as a customer identifier because every use exposes it to possible theft).
read more »

There’s a big push in the U.S. right now to computerize health records so they can be more easily searched, transferred and analyzed. The potential benefits touted include greater portability – go to a new doctor and never worry about getting all your records for them – and wonderful new technologies like automatic checking for unsafe drug interactions.

Of course there’s a lot of money involved, too. The American Recovery and Reinvestment Act of 2009 (you know. The stimulus bill) created an Office of the National Coordinator for Health Information Technology and allocated billions of dollars to promote adoption of electronic health records (see article here). Yeah. That’s what the health industry needs: More bureaucracy.

The Spring 2009 issue of Rand Review (no link. I’m working from a hard copy) has an impressive array of charts and graphs and numbers claiming that health technology can save vast amounts of money. They even make the hilarious claim that computerizing people’s health records will improve privacy! Usually at this point I would put a list of links to articles about hacking incidents related to the subject I’m discussing but that doesn’t begin to show the magnitude of the problem. Instead, here’s one link to a Google search for medical records compromised: http://www.google.com/#hl=en&q=medical+records+compromised. It’s showing me 649,000 records when I run it today. Interestingly, there doesn’t seem to be a lot of duplications.

read more »

How can you not love a domain named “cryptohippie.com?”

Okay, so it’s a business that sells unusual and interesting services that broadly fall under the heading of “security.” I say broadly because this is not the usual anti-virus or hacker proofing kind of stuff. Check out the website if you like. For now let’s just say that CryptoHippie lives up to its name.

What I really want to discuss is CryptoHippie’s report on the Electronic Police State, 2008. (Available here). The title caught my eye immediately, partly because I recently finished a class that included in the reading list a couple books that were chock full of scare stories about that same topic, more or less [See No Place to Hide by Robert O'Harrow, Jr. and Darknet: Hollywood's War against the Digital Generation by J.D. Lasica]. The class wasn’t quite about that, though. It was about the law as it relates to computer and internet security and privacy (It was also brutal but it looks like I got the A).

Of course, some of what we covered included the hoops the government has to jump through to gather and the way that was changed by the USA PATRIOT Act. Privacy policies and the laws that govern or even require them were also a large part of the class. And other interesting things. Never did the phrase “Electronic Police State” come up. That would be worth another class by itself and I hope to take it one of these days.

The first topic should be What does “Electronic police state” mean?

First, what is a “regular” police state? According to Wikipedia, the term “describes a state in which the government exercises rigid and repressive controls over the social, economic and political life of the population” (Police state). This is a nice start but doesn’t tell the half of it. A police state is one where citizens have few, if any, rights. It’s a place where they can be arrested at any time with, or without a reason. In the old Soviet Union the crime of committing “anti-soviet activities” (or was it un-Soviet?) was a catchall that could be used to collect dissidents or prostitutes with equal ease (the story goes that it was used against prostitutes because there were no laws against prostitution, since that was said to exist only in decadent western countries like the U.S.A. But that law could be used to nab almost anybody for almost anything, so it worked just fine).
read more »