Why we don't encrypt

As this article points out, the way to avoid being snooped on is to use encryption, and good encryption software has existed for decades. So why don't people use it?

I had always assumed, and the article agrees, that for things like email "it takes two to tango" so unless the people you're communicating with are concerned about their privacy, you can't encrypt. Most people just don't care, and frankly I include myself in that group. There are cases when it matters, but most of them are business emails. I remember the futility of trying to get people in the business world to use encryption for material that really is sensitive; it's a lost cause because their customers don't care.

But idea in this article that struck me has more to do with things like Facebook and web-based email.  It's the "you aren't the customer; you are the product" concept.  These services exist because the people who use them are creating a collection of data that's valuable to the companies.  If that data was encrypted, the companies couldn't read it, and it would be useless to them.

So the bottom line is that in order for these companies to exist there must be a huge pool of unencrypted data that they can monetize. The side effect is that if the government wants to take a peek, there it is, waiting for them. As consumers, our choice is to accept this or to not use the services. Most of us accept it. In fact, very few even consider the privacy issue.

Our government is spying on us? I'm shocked.

Since I have a little experience in the Internet security area, a few people have asked what I think of Edward Snowden’s disclosures about US surveillance programs.  With the disclaimer that I have no specific knowledge on this topic – I’ve been retired and out of the loop for 8½ years – here are a few comments. 

If 90% of the government surveillance iceberg was under water, the latest disclosures change that to about 89.9%.  We still don’t know what we don’t know.  Anyone with any experience with Internet network design already knew, in principle, everything that was “disclosed”.  Not specific companies or cute code names, perhaps, but the fact that Uncle Sam has been looking over our shoulder has been obvious to the casual observer since the early days of the Internet.

Not that this is anything new.  Governments have been snooping, and people have been evading that snooping, pretty much since there were people to snoop and evade.  Wikipedia has a nice history.

But the issue at hand is a specific person taking specific action to disclose specific information that he had promised not to disclose.  I heard an interview with a retired government official [nice how the actives ones won’t go on the record] who was wringing his hands about how Snowden was putting his judgment ahead of the President and Congress and all his betters.  He was right, of course.  But that’s what whistleblowers do, and history is the judge of whether their actions were appropriate.  The people who are being “blown” are always going to be full of righteous indignation.

With the facts I have, I have no reason to doubt his motivation.  That doesn’t make his actions “right” but it seems pretty obvious that he could have sold this information to any number of eager buyers.  He apparently made an informed decision to trade in a comfortable life for something completely different.  It took a great deal of courage or stupidity to do that.  Maybe both.

To me the pity is that he was put into this position.  In my naïveté I figured that the American public understood and accepted what their government was doing to them.  Recent events have astounded me.

• At least to read media reports, the “man on the street” is outraged.  Well, some are.  This poll shows a lot of outrage and a lot of apathy.  I should know by now not to assume that the general public grasps anything more obscure than the color of the beer that they drink.
• Congress is up in arms.  There are Congresscritters who claim that they had no idea that this was happening.  I find this unfathomable, except that nothing that Congress does should surprise me.  I have just a shred of sympathy for the ones who are whining “I wasn’t briefed.”  Apparently the briefings were classified, which means that the Congresscritter cannot take staff along.  So even if they were successful at finding the location of the meeting without help, chances that they wouldn't understand anything.  On the other hand, they have a lot on their mind.  The fact that they’ve voted for this legislation doesn’t imply that they need to understand it.

One thing that hasn't astounded me is the reaction, "I'm not doing anything bad, so I don't care what the government knows."  This is an extremely dangerous attitude.  If someone decides that they are out to get you, and they're correctly placed in the government or law enforcement, they will get you.  It does not matter if you've "done anything" or not . . . it is always possible to take things out of context and spin a convincing story that you are a terrorist.  Maybe it is the person who feels you took their job, or the one that you gave a dirty look because they were stealing a mini-vodka on the airplane.  So if you think you are leading a squeaky-clean life and need not worry about who is snooping, think again.

The bottom line for me, and I suspect for Snowden, is whether anything will change based upon his actions.  I hope it does; I fear that it will not.  There are a lot of persuasive people who honestly believe that the current balance between privacy concerns and fear of terrorism is correct.  This is not a black and white issue.  Both sides are right and both are wrong.  If the balance shifts towards privacy, Snowden will have achieved something.  Who knows whether, even if that happens, it will be enough to justify his actions or the disruption in his life.

My first teaching experience

An email this morning reminded me of an experience from my college days that some of you will find interesting. The email was related to this article that points out that some people can learn to program and some simply cannot.  It postulates a reason for this that I'm not too keen on, but since I've had the experience of trying to teach people to program, I do agree that there are a lot of people whose brains just are not wired to program a computer.  That's not a bad thing; it just is.

Back in 1969, we had a math class at UT – Math 315:  Numerical Analysis.  It was a normal class in the sense of having three 1-hour lecture sessions a week, but it also had a "lab".  The reason I put "lab" in quotes is that it was really just a classroom lecture plus doing battle with the (mainframe) computer to prepare the assignments.  In the lab, the students learned FORTRAN and were assigned problems that built on the knowledge from the lectures.  The labs were taught by employees of the computer center, like me.  This was my first experience teaching in a classroom environment.

The irony was that the students spent 90% of the time they devoted to this class trying to get the programs to run but this part of the syllabus only accounted for 15% of their grade.  You could easily spend hours trying to get a FORTRAN program to give you the right answer, especially if you were learning to program FORTRAN at the same time.  Remember, these were the days when you punched your cards on the keypunch, handed the deck over the counter, and then waited for minutes or hours to retrieve your printout in the bins.

We ran a "consulting lab" for people who were stuck with issues that they couldn't resolve.  This was in room -1 in the Business building (where the computer center was); it had at one point in its life been a coal bin.  The most common error was people using WR1TE for WRITE and G0 T0 for GO TO.  But it was part of what put me through college, so I can't complain.

Non-computer-science students are no longer exposed to the challenge of actually programming.  These days they learn to use software that calculates what they need based on the parameters that they supply, which I'll admit is a much more efficient way of getting the answer to a problem.  But this means that the mainstream student never sees actual programming, so the small fraction of them that might respond with "Hey, this is neat; I think I'll do this for my career" don't get that opportunity.  As one of the people who had that reaction, I'm sorry to see this aspect change.

Linkedin

I deleted my Linkedin account some time ago, primarily because I'm no longer in its target audience.  But this article may be interesting to those of you who are still there. It explains how Linkedin is making its money, an activity that you might not have been aware of.

The company makes some of its money from showing ads and selling premium features to members. But more than half its nearly $1 billion in annual revenue comes from employers and recruiters who pay for what LinkedIn calls its “Talent Solutions,” including job listings, corporate pages and online software that can perform sophisticated searches of LinkedIn’s member database.

Not saying that this is evil or anything like that . . . just be aware that, as usual, you are the product not the customer.

Punched cards

If you go back into the mists of history as far as I do (does anyone?) here's a fascinating walk down memory lane.

I wonder how many hours I spent sitting in front of one of these during the 60s, 70s, and 80s? For those who don't know, back when dirt was new the only way to coerce a computer to do work for you was to punch cards. This is the machine that did that.

True story: Back in the 1960's, Oak Ridge National Laboratory had the newest and fastest IBM computer. They started having problems with it malfunctioning -- the hardware would detect that there had been an error and shut itself down. This happened intermittently, a couple of times a month, IBM would run all their diagnostics and never find anything amiss.

Someone finally figured out that there was a keypunch in the machine room that, when it was turned off, caused these machine checks. Apparently the motor spinning down created enough of a voltage spike to freak out the nearby mainframe. It happened so rarely because no one ever turns off the keypunch in the machine room ... you know that someone else will be along momentarily to use it, so why bother. But sometimes habit would win and the switch got flipped.

 

I wonder if anyone who reads this will recognize the second picture.  It's a program drum from the same model of keypunch. Using this you could program tabs, skip columns, and generally save time if you had a lot of cards to punch and they all had the same format. And of course you punched your program into a card which then fit into clamps on the drum.  Pretty nifty.

So here's how it worked. You punched your program source into cards. You handed them over to an operator, who batched them with other folks' work and read them into the system using a card reader. Depending on how many other people were using the computer, your job ran in a few minutes or a few hours and printed on continuous-form paper. The operator took this off the printer, separated it from other people's output, and placed it in bins where you could pick it up.  This process took somewhere between a half hour and a day. Repeat as necessary.

Today the process is to type in the program and immediately compile it, see the errors, correct them, and try again. Changing the turnaround time from 10 seconds to 10 hours has several effects. For one thing, you're likely to be very careful about the changes you make; a missing parenthesis can cost you 10 hours instead of 10 seconds. And you're likely to have several things going at once; otherwise you sit on your hands a lot.

And they say multitasking is a new thing.