Not in Chicago anymore

Mundane life from rural Minnesota.

Wednesday, October 1, 2014

Law enforcement and encryption

"It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy.”

No, it's not, Mr. Holder.  The quote above comes from Attorney General Holder, who chastised the tech companies for removing the back doors that were being used by law enforcement to peak into our personal devices. See this article in the Washington Post for one account.

This is an issue that each individual needs to understand and form their personal opinion. But to say that it's just not an issue — that you can have personal privacy and access by law enforcement to private data — is simply disingenuous. Both are important, but they're mutually exclusive.

I understand the outcry from law enforcement. Sometimes the only way that you can prove that someone is breaking the law is to see the data that they've collected, and if they encrypt it you must have a way to decrypt it. But we have this little item in our Constitution about self-incrimination, and if an individual chooses to invoke it, law enforcement should not have the ability to short-circuit it by using a back door to bypass encryption.

The bottom line is, as usual, one of personal priorities. Which is more important to you, your right to protect your privacy by encrypting material that you wish to remain private, or the right of law enforcement to see material that they have determined might be illegal? For me, the choice is clear, but I understand how other people with a different priority structure than mine would come to the opposite conclusion.

Then there's the issue of terrorism. Anything can be justified by uttering that dread word. My feeling on this is simple: if the result of terrorists' actions is the loss of my privacy, then they have won. And they have. The 9-11 bombings and other terrorist acts have resulted in a basic change to our culture. Our government spies on us, law enforcement squeals when their ability to see every aspect of our lives is abridged even slightly, and we spend billions of dollars on inconveniencing travellers. It's not a bad thing that our attention level for personal safety is higher now, but we gave the authorities an inch and they took a mile.

Tuesday, August 12, 2014

Privacy tradeoff

As usual, it's the side material in this Washington Post article that's interesting. Leaked documents from a surveillance company tell us that the iPhone is more secure than phones running other operating systems.

This comes as no surprise since Apple controls their operating system and the collection of applications for the iPhone more strictly than Android. In fact, it's not a lot different from the situation outside of smartphones — there are generally lots more applications available for non-Apple gear than Apple.

So there's a capability and a price gap. But there's also a security gap. I wonder how many of the people buying Android phones these days even know, much less care.

Don't get me wrong — I do see the advantages of open source over Apple's world of proprietary operating systems. But I'll stick with Apple, mostly because I enjoy the way that all my Apple stuff works together. I have enough problems as it is and I'm not about to wade into the issue of getting Android applications to talk to my Apple-based ones.

But the security aspect is one that I hadn't really thought about, which is a little surprising considering my usual fixation with security. I wish it were more visible in the choice process, but I understand why Apple doesn't hype it more.

Saturday, August 2, 2014

Two companies and their idea of community involvement

Here's a link to a video produced by an aviation museum in Seattle.  It's long, but I found myself watching the whole thing.  It's nothing more than short quotes from different organizations in the Seattle area explaining how Boeing was instrumental in their startup or continuing operation or both. These are not aviation-based organizations. I had no idea that Boeing contributed to the community to the extent that they do.

Here's a link to a video produced by a bank that decided to say "thank you" to some of their customers in a special way. Kudos to them for doing the research to figure out that one was a baseball fan, one a single mom who would love to take her kids on a great trip, and one a mom with a daughter far away. But it's really a marketing piece. The producers went to great lengths to create something that would go viral on the Internet and provide the company with publicity worth much more than the cost of the "thank you" gifts to the selected customers. And they succeeded.

These two videos, and the hubbub of our highest court telling us that corporations are people, got me thinking about the whole issue of how companies interact with their communities. Boeing is my hero in this regard; in a very quiet way they have made a huge difference in their community. There are many other companies that do the same. When I was deployed to Katrina, there was a fellow volunteer who worked for Adobe (the software company) and was receiving full salary while he was helping others in a disaster relief operation.

Then there are the ones that are a part of the problem instead of the solution. They don't pay their employees even a living wage so that we taxpayers get to pick up the slack. Their "entry level jobs" are really "dead end jobs". They give just enough back to the community that they can trot out the occasional donation and show what great community citizens they are.

I suppose in this regard the Supreme Court wasn't that far off . . . some corporations are positive contributors to their community, and some are, well, not.

Monday, July 14, 2014

Thank you, Target

The security environment for credit cards in the US has lagged behind Europe for years. We willingly hand our plastic to our server in a restaurant whereas in Europe the transaction is done at the table using a portable wireless reader. Our cards use magnetic stripe technology that's decades old; their cards have a chip. But that's changing.

Today I received the replacement for my Sam's membership card.  Not missing a trick, Sam's has always required their members to establish a credit card that doubled as the membership card. My new card has two big changes:
  • It is a MasterCard, not a Discover card. I have to assume that this is because MasterCard cut a better deal with Sam's, not because Sam's has any interest whatsoever in providing me better service.
  • It is a smart card. I had already noticed that Walmart and Sam's have installed readers for smart cards.
That makes three smart cards now living in my wallet. Not that I ever use the Sam's plastic as a credit card, and changing it to a MasterCard is unlikely to modify that behavior (unless Sam's institutes a new restriction that the only way they will accept payment is via that card, which would not surprise me).

Finally. I have been speculating for years what it would take to motivate vendors and the credit card companies in the US to spend the money to upgrade their technology. Maybe it was the high profile of the Target hack. Maybe it was just the passage of time. We've been talking about this for a couple of decades now; it's overdue.

Saturday, June 28, 2014

Progress, but not consistent

As the years have gone by, the overall sophistication of what we use every day has increased and in most cases the ease of use has improved. We take for granted many things that only a few decades ago even the most imaginative computer scientists could not even imagine. With a couple of clicks I can chat with a friend on the other side of the Earth. I have instant access to vast amounts of information, and I can actually find what I am looking for using search techniques that were unheard of before today's search engines.

Then there's the whole aspect of computer hardware and the magic of making it all work together. When I buy a printer, I take it out of the box, set it up, and my computer finds it and starts to use it. That seems like a simple concept, and we take it for granted today, but not that long ago I would have been looking for tiny switches to configure the printer and installing drivers on my workstation. What takes seconds today took hours (and a lot of expertise, not to mention luck) in the fairly recent past.

When I was getting my start in this field, computers filled rooms. If you added disk storage to your system, you had to essentially rebuild the operating system to support the new configuration. It was pretty much an all-day job. Today we plug in the disk and the operating system starts to use it. (Not to mention that there's more storage on your USB stick than was on the early mainframes.)

But then you wander into the backwater of a product and stumble on a function that somehow was missed, and it's a huge shock because everything else works so well. Outlook is Microsoft's email product. It also does calendaring and some other functions, but I use it primarily for email in my "day job". I use it a lot. It's typical of today's sophisticated software products — many versions have been released, each building on the function of the previous.

But somewhere along the way, the part of Outlook that takes care of mail distribution lists (called "groups" in Outlook) has not received the same level of attention as the other parts of the product. For one thing, there's no way to search — either in a collection of groups or in a single group. And there's no way to change an entry in a group, other than deleting it and re-creating it.

So here's the scenario. We have a dozen Outlook groups, one for each Region in the Division that we serve. These groups range in size from ten members to about a hundred. It's not unusual to need to send email to everyone in the Division, and Outlook makes it easy to do that — just select all the groups, toss them into the BCC line, and off you go. The rub comes when you get a non-delivery notification after sending one of these "blast" emails, and this is something that happens a lot because people leave or change their email address.

So the first step is to figure out which group they're in. The only way to do this is to open each one and eyeball the entries. They're supposed to be in alphabetical order, but that's not reliable because the "display name" may not match the email address, and the email address is all you have to work with. Any modern application would be expected to have a search function which would automate this, but it's not there.

Once you find the offending entry, normally you'll just delete it. But today the problem was a typo; a single missing character in the email address. So just change the entry, right? No. You can't change an entry. I'm mystified as to how this basic action could be missing. But it is.

So delete the entry and re-create. Easy, right? You've got the information you need in the non-delivery notification, so just copy/paste. No. You can't do that. Once you begin the entry-creation process, the only window you can access in Outlook is that window. You can't switch focus to the window that has the data you want to copy/paste.

So here we have an amazingly sophisticated product, and we're trying to do something basic, and the product is making it unbelievably difficult because basic functions simply do not exist. Outlook has bells and whistles that I'll never use, but I can't do a simple "find" or change an entry in a group.

As much as I love to pick on Outlook, this issue is common in today's products. Perhaps none of the developers or designers use this particular function, so no one pays attention to it.

Blog Archive