(In)security
May 28, 2007
Earlier this week I told a story about my bank’s rather poor handling of providing me with a replacement credit card. I was, to say the least, somewhat disappointed by the whole affair, but I had decided to move on. It was all over, I was turning the other cheek and I felt good about it.
And now this – my wife just called to inform me that my replacement debit card, my replacement credit card, her replacement credit card and all three PIN notifications just arrived in the mail. Together.
Words escape me. Polite words anyway.
“Life, is like a grapefruit”
May 24, 2007
Tomorrow is Towel Day, a day we choose to remember the author and atheist Douglas Adams, by carrying around a towel throughout the day.
“Science has lost a friend, literature has lost a luminary, the mountain gorilla and the black rhino have lost a gallant defender (he once climbed Kilimanjaro in a rhino suit to raise money to fight the cretinous trade in rhino horn), Apple Computer has lost its most eloquent apologist. And I have lost an irreplaceable intellectual companion and one of the kindest and funniest men I ever met.”
From Richard Dawkins’ Lament for Douglas.
Security By “Gee, I Sure Hope Nothing Goes Wrong”
May 23, 2007
Have a seat children, gather close and let me tell you a tale of security, agenda, externality and banks.
About a month ago I went to my bank (who for the purposes of this story we shall refer to as Bank X) to order a replacement card for my credit and savings accounts. My current card had seen hard use and was in serious danger of splitting into two thinner and infinitely less useful constituent parts. I was informed that it should arrive in 10 working days or so.
Yesterday it occurred to me that I had seen no sign of a shiny new card, so I called the central Bank X helpline to inquire about its status. The operator was able to tell me that the card had been issued, and that we had something of a problem because the card did not require any form of activation to be used.
I asked if he was seriously telling me that the bank’s idea of credit card security involved sending a usable card through the ordinary mail service, and hoping that it wasn’t intercepted?
He said “yep”.
I said “good grief”.
He then advised me that the card would need to be canceled, along with my wife’s card for the same credit account. Naively I did not realise (though nor was it made clear to me) that this was because the entire account would be shut down and reissued with a new account number. Thus when I attempted to transfer credit funds onto my savings account I was somewhat surprised to discover that the account was gone. I called back and was informed that the account had indeed been shut down and I would not have access to it until I received the new card.
In 7 working days.
At this stage I am afraid that I kind of passed the point of calm understanding. I have several bills that are directly debited from the visa account, and now faced the possibility of these payments defaulting. I also have online orders with Amazon (which are only charged when the item is delivered into stock and about to ship) and if my current order is canceled I will have to wait up to another month just for it to be restocked. At no stage during the process was it made clear to me that the whole account would be inaccessible until I received the new card. No suggestion of transferring funds before the closure or making alternate arrangements for any direct debits was offered. Nor was any attempt made to offer useful suggestions for resolving the issue or escalating my dissatisfaction.
So with no suggestions forthcoming from the call center (other than the brilliant and utterly useless observation that “it can be a good idea to have a second card for emergencies” – duh! That’s what the first card was for!) I found a number for a customer service line which I then called to at least register some kind of formal complaint. I was served by an operator who was not able to get me the card any quicker, but could get me the new account/card number and expiry date the next day when they were reissued.
While this provided a partial solution allowing me to change payment details with my direct debits, it has not been sufficient to provide me with a satisfactory resolution. It is appalling that the system for issuing a replacement card is so brittle and tightly coupled that the basic failure case (of a card going missing in transit) has an enormously disruptive consequence for the customer, through no fault of their own. I understand that the convenience (to both Bank X and the average customer) of sending out the new card without any safeguards likely far outweighs the inconvenience of what was described to me as a fairly rare event, but if this is the case surely such a rare event should have a useful response case by which the situation might be resolved more expeditiously (rather than just treating it as a card lost by the customer). If the consequences of such an (even rare) event are so dire, then they could be pointed out to the customer when ordering the new card, and an option provided of picking up the card from a branch or having the card sent by registered post for some additional fee.
I have a salary being paid in the next few days and thus will not now financially suffer unduly from the lack of access to my account, but if this had occurred early in the month I would have completely lost access to my funds for up to two weeks. Such a situation would have extremely dire consequences and was only avoided through sheer blind luck, rather than the bank’s systems or any conscious design. It seems to me that the cost of this situation (both financially and in time and convenience) is an externality to the bank, a cost not borne by the business itself, and as such merits little attention. I shouldn’t be surprised really, Bruce Schneier has long pointed out that security and associated systems are at the mercy of agenda and financial pragmatism, but in a supposedly market driven world it is always a little bit of a shock to be shown just how little one person’s opinion can matter.
Debating pseudoscientific nonsense
May 10, 2007
I’ve managed to scrape up some footage of the debate to scientifically prove god’s existence between two members of the Rational Response Squad and the dynamic duo behind Way Of The Master, Kirk Cameron and Ray Comfort.
Here is video posted by the Rational Responders – they’ve edited it, so it’s not entirely unbiased:
You can also view a clip on the ABC website.
From what I can see Ray and Kirk just trotted out the same old painting/painter argument from design and their very own ten commandments version of Pascal’s Wager (which incidentally violated their own premise that their proof could be made without referring to the bible).
The Rational Responders didn’t do too badly, but Ray is a polished speaker and can talk complete crap without flinching, so every time they stumble over a point it looks like they don’t know their material – and unfortunately appearances count for a lot in this kind of show-trial format.
Ray and Kirk’s arguments are completely devoid of anything resembling logic, reason or perception of reality. I mean seriously, that argument from design gets refuted every damn time Ray says it (changing the analogy from a watch to a coke can to a painting to whatever, does not make this a better argument) and he still uses it. Is he stupid or wilfully disingenuous? You can’t argue with these people, because they just ignore your explanations or refutations and repeat their same old debunked argument as though repetition makes their argument less stupid.
To be honest, I’m not entirely sold on the whole debate concept. I have long thought that it is generally bad policy to debate creationists (or other flavours of pseudo scientific lunatic for that matter). It gives the loonies a legitimacy that they don’t deserve and I think that the debate format contributes little to the understanding of an issue (and can actually trivialise the enormous weight of methodology and review that corroborates a legitimate scientific theory – victory in debate is generally more reflective of the winner’s skill at debate than the actual information presented). A theory like Darwinian evolution has survived 200 years of scientific critique and it is undignified and wrong to have to defend it adversarially against a guy whose main argument is based on biblical literalism.
(Having said that, I’m going to completely contradict myself by saying that there are a couple of people I’ve heard debate whom I consider exceptions to the rule. Dr Steven Novella of the Skeptic’s Guide to the Universe podcast is a clear and precise speaker who knows his material and is adept at not allowing logically dubious assertions to go unchallenged. You can hear him here defending the scientific legitimacy of the field of Psychiatry against Dr. Fred Baughman.
When it comes to debating evolution, I don’t think I have heard anyone better than Dr Massimo Pigliucci. He is brilliant, charming, articulate and funny, grinding creationists to make his bread. More Infidel Guy audio with Dr Pigliucci debating Robert Allen here and “Dr” Kent Hovind here.)
My Kung Fu is the best, puny atheist!
May 4, 2007
In response to the Blasphemy Challenge sponsored by the Rational Response Squad, Ray Comfort and Kirk Cameron have decided to challenge two atheists to a debate to prove god’s existence. From this article:
Two Christians are meeting two atheists in a televised debate with the subject the existence of God, and Ray Comfort, a best-selling author and expert on Christian evangelism, says he can prove the existence of the Almighty in his allotted 13 minutes – without mentioning the Bible or faith.
This I have to see.
“We are excited that the network has decided to do this, because we have something very relevant to present,” said Cameron. “Most people think that belief in God is simply a matter of blind faith, and that His existence can’t be proven. We will not only prove that God exists, but as an ex-atheist I’ll show that the issue keeping so many people from believing in God – Darwinian evolution – is completely unscientific. It’s a fairy-tale for grownups.”
Evolution is “unscientific”? This can’t be going anywhere intelligent…
Comfort told WND he’s constantly amazed at “how many respectable men of God say you cannot prove God; that it’s only a matter of faith.”
“I’ve seen atheists backslide when they’ve heard me provide them proof,” he said.
I have audio of Ray Comfort debating the existence of god at an atheist conference. His argument was a bizarre blend of anecdote, personal revelation, scripture as evidence and poorly realised analogy. One could be forgiven for thinking that his strategy was to say stupid things until the atheist’s head exploded from the agonising barrage of wrongness.
“Most people equate atheism with intellectualism,” Comfort said, “but it’s actually an intellectual embarrassment.”
Well, someone here is an embarrassment. I’ll follow this one and keep you posted.
Kirk Cameron is a Growing Pain in the butt
May 3, 2007
If you have a particularly strong stomach and bandwidth to spare, have a look at Way Of The Master, the proud creation of Kirk Cameron (need I say more) and Minister Ray Comfort.
Some of you may remember Ray for his proof of god’s existence known as “the Atheist’s Nightmare”:
(For bonus points, can you count the number of logical fallacies? And I’m not entirely convinced he was talking about fruit either…)
Of special interest is the “Are you a good person test”, that seems specifically designed to convince a non-christian user they have personally broken all 10 of the commandments, and made god very, very angry. Of course you have to believe in god for that to have any power over you, but why introduce logic at this late stage? The whole tone of the website is actually a little scary, but you don’t notice it at first because it’s hidden behind a wall of really stupid arguments.
Feel like your brain is about to explode? Then grab a cool refreshing slice of reality here, with audio of The Infidel Guy Reginald Finley reviewing the test. (Most of his shows require sponsorship, but this should be one of the archived shows he offers for free.) If there were more people like Reg around, I’d be a whole lot less worried about the influence of the Kirk Camerons and Ray Comforts of this world.
Way of the Master? Way of the doofus more like.
The Universe doesn’t care what you believe…
May 2, 2007
Har har. I want the tshirt.
I’m kind of snowed under with work at the moment so I’ll try to be brief, but I had to express my horror at this as reported by the Age:
In a move condemned by civil libertarians, the police are seeking access to the driving licence photographs of almost every adult in the state.
It is part of a plan to introduce facial recognition technology as a crime-solving tool at police stations in the next 18 months.
Words escape me. Almost.
As I see it, there are two main areas to look at here. Firstly the obvious – civil liberty issues. “Wholesale surveillance” (which is based on watching everyone, just in case) has great forensic value to investigators, but also has enormous potential to encroach on the personal privacy of those being observed. This kind of system presumes potential guilt in everyone, and to my mind makes the dangerous precedent of shifting the burden of proof toward the defendant.
Also, in this case the licence photos are being used for a purpose for which they were not originally intended. What is there to prevent the whole facial recognition system being eventually repurposed in such a fashion? “Trust us, we won’t misuse it” isn’t really good enough.
The second major area of concern is the technology itself. The referenced article appeared to accept the functionality of the technology as a given, without any supporting evidence or justification. Well, I’m not an expert in computer vision, but I’ve studied it as part of an Artificial Intelligence course, and last I heard there were still serious issues with facial recognition systems (just look at the problems with real-time facial recognition such as reported here). Presumably detailed specifications of the system to be employed will be restricted for security reasons, but such new and unproven technology gives rise to many unanswered (and for that matter, apparently unasked) questions. What is the accuracy of the system? How high is the rate of false negatives? False positives? For that matter, what is the cost of a false positive? If the system is to be used to trawl for potential matches as a line to further investigation the cost is relatively low, but if search results are used as evidence or probable cause then that is a much more serious issue.
And of course, as with any such database, how secure is it? A spokesman for the Victorian Police reassured us:
Sergeant Spry said measures had been put in place to protect people’s privacy and to prevent hacking.
Is he serious? People who are experts in computer security can’t stop systems being hacked. The only way to ensure that a system is safe from hacking or abuse is to not build it in the first place. And as to privacy, any supposed “measures” to protect people’s privacy bear very little weight with me until audited by an independent body with expertise in the field.
Liberty Victoria vice-president Michael Pearce said:
“This would be a breach of the Government’s own privacy principles, which restrict the use of information to the purpose for which it was provided,” he said.
Mr Pearce rejected the suggestion that people with nothing to hide should not be concerned.
“That’s the sort of argument that was popular in Nazi Germany and Stalinist Russia and has no credence at all in a free society,” he said.
The old faithful “If you’ve got nothing to hide, you shouldn’t have anything to worry about” argument-from-stupidity continues to be tangential to the point really – privacy isn’t just about hiding wrongdoings, it’s also about not having to share information that is no-one else’s business. Do you tell everyone you meet your salary? How many people you’ve slept with? The length of your penis? Your breast size? How often you go to the toilet? Of course not – and not because you’ve done something wrong – but because, well, it’s private.
Systems like this seem to get through on the idea that security and privacy are mutually exclusive, that somehow you have to give up one to get the other, but this is just not the case. Look at aircraft security systems post 911: ridiculously invasive, inconvenient and reactive screening procedures, restrictions on personal carry-on items and watch-lists rife with false positives. Yet the measures most likely to prevent a recurrence of these incidents are reinforced cockpit doors, passengers who know that they have to fight for their lives and money spent on investigation, none of which have anything to do with passenger privacy.
Giving up your privacy doesn’t make you more secure, just more naked.

