<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss'><id>tag:blogger.com,1999:blog-15159850</id><updated>2009-07-10T00:49:17.643-05:00</updated><title type='text'>Ceci n'est pas un Bob</title><subtitle type='html'>Musings on Security, Identity, Privacy, and Risk.  And nice red uniforms.</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/'/><link rel='next' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default?start-index=26&amp;max-results=25'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>49</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-15159850.post-3751377513680426466</id><published>2009-06-22T22:28:00.004-05:00</published><updated>2009-06-22T22:50:49.436-05:00</updated><title type='text'>In Memoriam</title><content type='html'>I'm breaking one of my rules because I can't bear to headline this entry with a picture.
&lt;p&gt;
As if it weren't bad enough that American Airlines has just announced the demise of the "nerd bird" nonstop flights between Austin and San Jose (when people ask where I'm from I tell them that I live on the nerd bird and vote in Austin) - today comes word of an even more momentous loss.
&lt;p&gt;
&lt;a href="http://www.kodak.com/eknec/PageQuerier.jhtml?pq-path=2709&amp;pq-locale=en_US&amp;gpcid=0900688a80b4e692"&gt;Kodachrome is no more&lt;/a&gt;.  It was the world's oldest film in continuous production (invented in 1935 by Kodak's Leopold Godowski and Leopold Mannes - "God and Man") and the most stable color film in existence.
&lt;p&gt;
In my closet are 100 Kodak Carousel trays of the Kodachrome slides my grandfather took in 40 years' travel around the world.  I have pictures of the Sydney Opera House, unfinished.  Of temples in Southeast Asian countries an American can't visit anymore.  Of my grandmother in a Middle East that now seems like a fairy tale.
&lt;p&gt;
All those slides look as good today as they did on the long-ago days the mailman brought them back to Annapolis from the lab.
&lt;p&gt;
Kodachrome gave us the nice bright colors; it gave us the greens of summer.  It made all the world like a sunny day.
&lt;p&gt;
Oh yeah.
&lt;p&gt;
Thanks, Kodachrome.  You gave us 4 years more than the requisite threescore and ten, and those of us who knew you will never forget.</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/3751377513680426466/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=3751377513680426466&amp;isPopup=true' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/3751377513680426466'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/3751377513680426466'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2009/06/in-memoriam.html' title='In Memoriam'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-2861625336119664814</id><published>2009-06-01T11:54:00.002-05:00</published><updated>2009-06-02T13:33:51.687-05:00</updated><title type='text'>Cyber Security</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://farm3.static.flickr.com/2230/1816461735_be48253604.jpg"&gt;&lt;img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 500px; height: 400px;" src="http://farm3.static.flickr.com/2230/1816461735_be48253604.jpg" alt="" border="0" /&gt;&lt;/a&gt;

&lt;p&gt;
The Obama administration released &lt;a href="http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf"&gt;the results of its Cyber-Security Review&lt;/a&gt; last week.  The report's conclusions and recommendations aren't going to do any harm, but they're not going to solve the cyber-security problem either.
&lt;/p&gt;&lt;p&gt;
Start with the obvious: information security has failed, as a technology and as a discipline.  A lot of security professionals object to this statement, but let's get real.   Hundreds of millions of credit card numbers are stolen from retailers, processors, and other online properties every year.  Foreign hackers roam the systems supporting major national defense projects.  Spam, malware, and viruses circulate constantly despite the purchase and use of millions of dollars' worth of anti-malware tools. Serious penetration tests succeed essentially 100% of the time.  The list goes on; the news is all bad, and it's on all the time.
&lt;/p&gt;&lt;p&gt;
The Cyberspace Policy Review team wants to fix this by building "next generation secure computers and networking for national security applications"; it also wants the government to "provide a framework for research and development strategies that focus on game-changing technologies."  These are fine goals, but they're not going to solve the cyber-security problem.
&lt;/p&gt;&lt;p&gt;
If we eventually &lt;span style="font-style: italic;"&gt;do&lt;/span&gt; solve the cyber-security problem, the cause of our success is almost certainly &lt;span style="font-style: italic;"&gt;not&lt;/span&gt; going to be the new, smart things we &lt;span style="font-style: italic;"&gt;start&lt;/span&gt; doing.  It &lt;span style="font-style: italic;"&gt;is&lt;/span&gt; going to be the old, dumb things we &lt;span style="font-style: italic;"&gt;stop&lt;/span&gt; doing.
&lt;/p&gt;&lt;p&gt;
The dumbest thing we're doing right now, in a nutshell, is optimizing our systems for low cost, fast performance, and convenience in the average case. Designing systems this way requires tradeoffs, and those tradeoffs make the systems unsafe in the worst case.
&lt;/p&gt;&lt;p&gt;
We optimize &lt;span style="font-style: italic;"&gt;for&lt;/span&gt; the average case because when we're using systems, we're almost always using them &lt;span style="font-style: italic;"&gt;in&lt;/span&gt; the average case.  Things are fine, and we want our systems to be cheap, easy, and fast (insert your own obvious joke here).
&lt;/p&gt;&lt;p&gt;
We almost never see the worst case, so we don't worry about it much.  But that doesn't mean that the worst case isn't a big problem.  We built New Orleans' levees for the average case; Hurricane Katrina destroyed them (Katrina, of course, wasn't even close to the worst case). We've built our cyber infrastructure, like New Orleans' levees, for the average case.
&lt;/p&gt;&lt;p&gt;
Unless we (the information security industry, the technology industry as a whole, and society generally) stop sacrificing worst-case safety on the altar of average-case convenience, we're going to continue to fail.  But rebuilding cyberspace for a safe worst case is going to require sacrifices.
&lt;/p&gt;&lt;p&gt;
The Cyberspace Policy Review says "The national dialog on cyber-security must begin today."  I agree.  Let's start the dialog with a conversation about what sacrifices we're willing to make to get to an acceptable worst-case performance.   Here are four questions to get the ball rolling:
&lt;/p&gt;&lt;p&gt;
&lt;span style="font-weight: bold;"&gt;Question 1&lt;/span&gt;: Are we willing to give anything up?
&lt;/p&gt;&lt;p&gt;
Not everything can be made secure, and securing some things makes them slower, or less convenient, or less flexible.  If we really want security, we're going to have to give up some other things we want.  We need to be clear about where security falls on our scale of priorities, we need to be clear about what type and magnitude of loss we're willing to sustain as a result of cyber-security failures, and we need to be clear about what we will have to give up in order to get the security we decide we need.
&lt;/p&gt;&lt;p&gt;
Are we willing to give up the ability to execute code downloaded from untrusted sources?  Are we willing to give up instant enrollment in new services with no meaningful background checks?  Are we willing to give up anonymity?  Are we willing to give up connecting critical systems to the public internet, even if it means we've got to put human operators in more places to manage disconnected systems?
&lt;/p&gt;&lt;p&gt;
&lt;span style="font-weight: bold;"&gt;Question 2&lt;/span&gt;: Are we willing to do anything different?
&lt;/p&gt;&lt;p&gt;
For years the technology community and society generally have been headed down the path of using cheap, generic, general-purpose components for everything.  The government calls this strategy "COTS" (Commercial Off-The-Shelf).  The strategy is great for building a cheap, convenient average case.  It's terrible for building a safe worst case.
&lt;/p&gt;&lt;p&gt;
Complicated general-purpose systems are impossible to secure.  A complicated system sometimes does things its users and even its designers didn't expect.  This makes complicated systems unsafe.  But we keep using complicated general-purpose systems (Windows computers, for example) to handle security-critical and even safety-critical tasks.  It's a recipe for disaster, but it's easy because complicated general-purpose systems are cheap, and they're easy to customize for new applications.  Small, simple systems, carefully designed for one specific job, are much safer - but they're also more expensive to buy and more time-consuming to build and test.
&lt;/p&gt;&lt;p&gt;
Are we willing to build new, special-purpose tools to help us secure cyberspace?  Are we willing to tell the general-purpose system vendors that we're not going to use their wares in critical applications?
&lt;/p&gt;&lt;p&gt;
&lt;span style="font-weight: bold;"&gt;Question 3&lt;/span&gt;: Are we willing to take any blame?
&lt;/p&gt;&lt;p&gt;
If your painkiller kills not just pain but patients' hearts, you pay the victims.  If your Pinto turns into an external combustion engine, you pay the victims.
&lt;/p&gt;&lt;p&gt;
If your financial software leaks a couple hundred million credit card numbers to a hacker, you write a press release describing your commitment to security.
&lt;/p&gt;&lt;p&gt;
Are we, the information security community, willing to assume a duty of care to those who use our products?  Are we willing to submit to liability when our products are defective or fail to meet a minimum standard of fitness for purpose?&lt;/p&gt;&lt;p&gt;Bruce Schneier has &lt;a href="http://www.schneier.com/blog/archives/2007/01/information_sec_1.html"&gt;argued in favor of liability for security failures&lt;/a&gt;; in fact he's argued that &lt;a href="http://www.schneier.com/essay-025.html"&gt;we can't solve the problem without it.&lt;/a&gt;
&lt;/p&gt;&lt;p&gt;
&lt;span style="font-weight: bold;"&gt;Question 4&lt;/span&gt;: Are we willing to give any guarantees?&lt;/p&gt;&lt;p&gt;If your lawnmower doesn't cut grass, or if your printer doesn't load paper, you can take it back to the store and get your money back.
&lt;/p&gt;&lt;p&gt;
If your information security product doesn't keep hackers out of your corporate secrets, you're out of luck.
&lt;/p&gt;&lt;p&gt;
Are we, the information security community, willing to stand behind the performance of the products we build?
&lt;/p&gt;&lt;p&gt;
John F. Kennedy, in his inaugural address, promised the world that the United States would "pay any price, bear any burden, meet any hardship, support any friend, and oppose any foe" to assure the survival of liberty.  What, if anything, are we willing to do to assure information security?&lt;/p&gt;&lt;p&gt;
&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/2861625336119664814/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=2861625336119664814&amp;isPopup=true' title='5 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/2861625336119664814'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/2861625336119664814'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2009/06/cyber-security.html' title='Cyber Security'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>5</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-3154971038908909163</id><published>2009-05-01T11:25:00.004-05:00</published><updated>2009-05-01T12:18:19.838-05:00</updated><title type='text'>The Porkalypse, Blakley's Law, and the WHO</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_8frlX3EBcxc/Sfsj6GygA0I/AAAAAAAAAFQ/Joh4NLmN-ek/s1600-h/WHO+phase+5.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 170px;" src="http://2.bp.blogspot.com/_8frlX3EBcxc/Sfsj6GygA0I/AAAAAAAAAFQ/Joh4NLmN-ek/s320/WHO+phase+5.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5330894065084924738" 
/&gt;&lt;/a&gt;

Swine Flu has been downgraded to Influenza Type A (H1N1) for the sake of the pigs, but the &lt;a href="http://www.who.int/csr/disease/avian_influenza/phase/en/index.html"&gt;WHO Epidemic and Pandemic Alert and Response Phase&lt;/a&gt; is still at 5 ("A pandemic is imminent").
&lt;p&gt;
The Department of Homeland Security claims that its &lt;a href="http://www.dhs.gov/xinfoshare/programs/Copy_of_press_release_0046.shtm"&gt;National Threat Advisory&lt;/a&gt; is at "Yellow" ("Significant risk of terrorist attacks") - but DHS is just kidding.  For air travellers it's still "Orange" ("High risk of terrorist attacks").
&lt;p&gt;
At first glance these two alarming indicators seem similar. They're not.  The DHS National Threat Advisory is a public alert system.  That a public alert system is indicating imminent disaster is not surprising.  In fact it's inevitable.  It's the nature of public alert systems to signal imminent disaster at all times.  I've composed "Blakley's Law" (next time I come up with one of these I'll rename this one "Blakley's First Law") to describe the phenomenon:

&lt;blockquote&gt;&lt;i&gt;
"Every public alert system's status indicator rises until it reaches its &lt;/i&gt;disaster imminent&lt;i&gt; setting and remains at that setting until it is retired from service."&lt;/i&gt;&lt;/blockquote&gt;

It's easy to see why Blakley's Law holds: if something terrible happens and the alert status didn't predict it, the keepers of the alert status will be blamed for not preparing us for the disaster.  Setting the alert status to "Disaster imminent" when no disaster is likely costs the public some money and mental health, but it doesn't hurt them in other ways.  On the other hand, setting the alert status to "Don't worry, be happy" just before a disaster &lt;i&gt;does&lt;/i&gt; happen is the worst case for everyone - nobody prepares for the disaster, and the people in power lose their jobs for failing to prevent or prepare for the crisis.
&lt;p&gt;
This is why public alert systems are silly; for political reasons they always tell people to be afraid, but most of the time nothing bad happens, so over time people develop distrust and contempt for the alert system and its operators.
&lt;p&gt;
It's a pity that the WHO pandemic alert and response phase indicator is being used by the media as if it were a public alert system, because the phase indicator wasn't designed as a public alert system, and what it &lt;i&gt;was&lt;/i&gt; designed to do - and does do - is quite important.
&lt;p&gt;
What the pandemic alert and response phase indicator was designed to do is to alert healthcare, government, and first-responder organizations (NOT the general public) to prepare to deal with a serious disease outbreak if it occurs.  Unlike DHS, which releases none of the underlying facts supporting the National Threat Advisory's current status, the WHO operates the Pandemic Phase as a fact-based system and publishes the phase criteria along with the current phase setting.  The real audience for the WHO's status indicator is people who &lt;i&gt;can&lt;/i&gt; do something to help if a pandemic breaks out, &lt;i&gt;do&lt;/i&gt; need to know what the current situation is to make proper plans, and &lt;i&gt;won't&lt;/i&gt; panic when they receive the information.
&lt;p&gt;
Unlike the media.  And the public.
&lt;p&gt;
Influenza Type A (H1N1) may still turn out to give us a very bad season (though that does not seem very likely right now).  But the biggest hazard we face from the porkalypse of 2009 seems to me to be that the media's misuse of the WHO's information may discredit the very system we will depend on when we finally do have a really deadly pandemic.</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/3154971038908909163/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=3154971038908909163&amp;isPopup=true' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/3154971038908909163'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/3154971038908909163'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2009/05/porkalypse-blakleys-law-and-who.html' title='The Porkalypse, Blakley&apos;s Law, and the WHO'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_8frlX3EBcxc/Sfsj6GygA0I/AAAAAAAAAFQ/Joh4NLmN-ek/s72-c/WHO+phase+5.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-7556714975603065419</id><published>2009-03-27T09:31:00.003-05:00</published><updated>2009-03-27T09:55:41.500-05:00</updated><category 
scheme='http://www.blogger.com/atom/ns#' term='economics risk'/><title type='text'>The Zone of Essential Risk</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_8frlX3EBcxc/SczjVAcu61I/AAAAAAAAAFI/3Fp9RVR6JsM/s1600-h/essential+risk.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 302px;" src="http://1.bp.blogspot.com/_8frlX3EBcxc/SczjVAcu61I/AAAAAAAAAFI/3Fp9RVR6JsM/s320/essential+risk.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5317875210054986578" /&gt;&lt;/a&gt;
&lt;p&gt;
&lt;a href="http://www.schneier.com/blog/"&gt;Bruce&lt;/a&gt; and I recently had a bit of email conversation about &lt;a href="http://www.schneier.com/blog/archives/2009/03/new_ebay_fraud.html"&gt;his eBay Fraud blog entry&lt;/a&gt;.
&lt;p&gt;
I emailed him saying that this incident is the fraud &lt;i&gt;pattern&lt;/i&gt; for which escrow agents were invented; &lt;a href="http://www.investopedia.com/terms/e/escrow_agent.asp"&gt;Investopedia&lt;/a&gt; defines an escrow agent as:
&lt;blockquote&gt;
An entity that has fiduciary responsibilities in the transfer of property from one party to another. Typically associated with selling or buying a home or other property, the escrow agent will secure the property and examine documents to make sure that the terms of the sale are met on each end, serving both the buyer and seller in the transaction.
&lt;/blockquote&gt;
Bruce pointed out in his return email that while the fraud pattern was a good match for escrow, the transaction size wasn't: since the item exchanged in the eBay transaction he highlighted was sold for only $500, the price of an escrow agent would have been hard to justify.  He's right.
&lt;p&gt;
We ran into each other at the &lt;a href="http://www.privacysummit.org/index.php?option=com_content&amp;task=view&amp;id=19&amp;Itemid=30"&gt;IAPP Summit&lt;/a&gt; and discussed the situation a little more, and I've concluded on the basis of our little chat that there's actually no good solution to the problem in Bruce's example; it falls into what I'm going to call a "zone of essential risk".
&lt;p&gt;
The figure at the head of this post illustrates the problem.  If you conduct infrequent transactions which are also small, you'll never lose much money and it's not worth it to try to protect yourself - you'll sometimes get scammed, but you'll have no trouble affording the losses.
&lt;p&gt;
If you conduct large transactions, regardless of frequency, each transaction is big enough that it makes sense to insure the transactions or pay an escrow agent.  You'll have occasional experiences of fraud, but you'll be reimbursed by the insurer or the transactions will be reversed by the escrow agent, and you won't lose anything.
&lt;p&gt;
If you conduct small or medium-sized transactions frequently, you can amortize fraud losses using the gains from your other transactions.  This is how casinos work; they sometimes lose a hand, but they make it up in the volume.
&lt;p&gt;
But if you conduct medium-sized transactions rarely, you're in trouble.  The transactions are big enough so that you care about losses, you don't have enough transaction volume to amortize those losses, and the cost of insurance or escrow is high enough compared to the value of your transactions that it doesn't make economic sense to protect yourself.  
&lt;p&gt;
As far as I can see, there are only three ways out of this box: make your transactions smaller, make your transactions bigger, or make your transactions more frequent.  If you've got a better idea, I'd love to hear it.  But unless you do, I'd advise you not to order your risk medium-rare.</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/7556714975603065419/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=7556714975603065419&amp;isPopup=true' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/7556714975603065419'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/7556714975603065419'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2009/03/zone-of-essential-risk.html' title='The Zone of Essential Risk'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/_8frlX3EBcxc/SczjVAcu61I/AAAAAAAAAFI/3Fp9RVR6JsM/s72-c/essential+risk.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-9027935458563828768</id><published>2009-01-19T00:27:00.004-06:00</published><updated>2009-06-02T14:46:51.237-05:00</updated><title type='text'>Martin</title><content type='html'>&lt;a onblur="try 
{parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_8frlX3EBcxc/SiWBpIzRdVI/AAAAAAAAAFY/ZvgwNi-DFas/s1600-h/martin"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 214px;" src="http://1.bp.blogspot.com/_8frlX3EBcxc/SiWBpIzRdVI/AAAAAAAAAFY/ZvgwNi-DFas/s320/martin" border="0" alt=""id="BLOGGER_PHOTO_ID_5342819076682118482" /&gt;&lt;/a&gt;


Today we celebrate Martin Luther King.
&lt;p&gt;
What I celebrate him for, more than anything, is that he reminded us how to handle injustice.
&lt;p&gt;
He did not handle injustice by attacking it, or by blaming others for it, or by taking it to the courts, or by running from it, or by despairing in its face.
&lt;p&gt;
He dealt with it by &lt;i&gt;naming it&lt;/i&gt;.  Again and again, in the face of scorn and threats and violence and discrimination, he stood up and he &lt;i&gt;called it what it was&lt;/i&gt;. He said "this is injustice".
&lt;p&gt;
It really is that simple.
&lt;p&gt;
After a long while, people listened to Martin, and they looked, and they saw injustice.
&lt;p&gt;
It's not all gone.  But after Martin, it couldn't hide.
&lt;p&gt;
Happy Martin Luther King day.  Name the injustices you see.</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/9027935458563828768/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=9027935458563828768&amp;isPopup=true' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/9027935458563828768'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/9027935458563828768'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2009/01/martin.html' title='Martin'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/_8frlX3EBcxc/SiWBpIzRdVI/AAAAAAAAAFY/ZvgwNi-DFas/s72-c/martin' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-5886747193540843425</id><published>2009-01-04T21:11:00.003-06:00</published><updated>2009-01-04T21:53:33.703-06:00</updated><title type='text'>Role Model</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_8frlX3EBcxc/SWF6r8jgtwI/AAAAAAAAAEg/mxhgkSTnFi0/s1600-h/brent.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 256px; height: 320px;" 
src="http://3.bp.blogspot.com/_8frlX3EBcxc/SWF6r8jgtwI/AAAAAAAAAEg/mxhgkSTnFi0/s320/brent.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5287642332917708546" /&gt;&lt;/a&gt;
&lt;p&gt;
This is Brent Jeffery.  I met him tonight on MARTA's Orange-line train from Atlanta Hartsfield airport to Lindbergh Center, and I'm in awe of what he does.
&lt;p&gt;
To put it in perspective, I speak to audiences for a living.  I've done it for a long time (more than 25 years), and I had a lot of training - 9 years of drama, speech and debate in Junior High School, High School, and College.  I'm a good presenter.  I study presentation experts like &lt;a href="http://www.presentationzen.com/"&gt;Garr Reynolds&lt;/a&gt;, and I watch the best of the best at places like &lt;a href="http://www.ted.com/"&gt;TED&lt;/a&gt; to see how I can improve.  I spend a lot of time making my presentation materials informative, entertaining, and attractive. But for an old throat injury which forces me to clear my throat a lot to keep my voice from breaking, my delivery is fluid and natural.  My audience ratings are consistently high.
&lt;p&gt;
I couldn't do what Brent does, though - at least not without a lot of practice and preparation, and not without developing a kind of courage I don't need to have to do the presentations I've been doing up till now.
&lt;p&gt;
I do sometimes talk about sensitive subjects - privacy, for example - but I speak to audiences who sign up to come to my talks, who know what I'm going to be talking about, and who want to be there.
&lt;p&gt;
Brent talks about the Bible to complete strangers on public transit.  His audience paid two bucks to go home, and a lot of them are tired and crabby after a hard day at work or a series of delayed flights.  They're not expecting entertainment, and they're sure not looking for a sermon.
&lt;p&gt;
After the MARTA train's doors close at the start of the trip, Brent gets up and asks a car full of Atlanta's weary travellers if they can spare two minutes to hear about God.
&lt;p&gt;
A lot of them listen.  I did.  He promises that it will only take two minutes.  It's an exaggeration; it's really more like ten minutes.  But it seems like two, because Brent's a great presenter.  
&lt;p&gt;
And he hands out a presentation.  Nothing fancy; just a xeroxed page containing a four-paragraph sermon on one verse of the Bible.  Today's verse was Proverbs 13:20  (&lt;i&gt;"He that walketh with wise men shall be wise: but a companion of fools shall be destroyed."&lt;/i&gt;) Here's the handout:
&lt;p&gt;
&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_8frlX3EBcxc/SWF61f6aFnI/AAAAAAAAAEo/UoMed6zKQW8/s1600-h/brent-handout.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 256px; height: 320px;" src="http://3.bp.blogspot.com/_8frlX3EBcxc/SWF61f6aFnI/AAAAAAAAAEo/UoMed6zKQW8/s320/brent-handout.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5287642497027806834" /&gt;&lt;/a&gt;
&lt;p&gt;
When he gave it to me, he assured me it wouldn't bite.  I guess a lot of people don't reach eagerly for the paper.
&lt;p&gt;
Like I said, it's nothing fancy.  But Brent respects his materials; at the end of the talk he comes back around the car and asks you not to throw the paper away; you're free to keep it, but if you're not going to keep it, he'd appreciate having it back.  Part of the concern is surely for saving money on printing, but I bet if you asked him he'd say that a paper which might bring someone an important message shouldn't be wasted in the trash.
&lt;p&gt;
Brent's an inspiration to me as a presenter, and he's reminded me of something important: the most important part of a truly outstanding presentation is a profound belief that the message you're trying to communicate &lt;i&gt;really matters to your audience&lt;/i&gt;.
&lt;p&gt;
If you're reading this, Brent, thanks for the lesson.  It was a pleasure to meet you.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-5886747193540843425?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/5886747193540843425/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=5886747193540843425&amp;isPopup=true' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/5886747193540843425'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/5886747193540843425'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2009/01/role-model.html' title='Role Model'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_8frlX3EBcxc/SWF6r8jgtwI/AAAAAAAAAEg/mxhgkSTnFi0/s72-c/brent.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-6023034663254513285</id><published>2008-11-05T10:54:00.003-06:00</published><updated>2008-11-05T12:08:36.260-06:00</updated><title type='text'>The 2008 Ceci Award</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_8frlX3EBcxc/SRHQoFdQd3I/AAAAAAAAADU/IP6IaJlZkyA/s1600-h/CECI-award.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; 
cursor:hand;width: 319px; height: 185px;" src="http://4.bp.blogspot.com/_8frlX3EBcxc/SRHQoFdQd3I/AAAAAAAAADU/IP6IaJlZkyA/s320/CECI-award.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5265218826451056498" /&gt;&lt;/a&gt;

Penny for the &lt;a href="http://en.wikipedia.org/wiki/Guy_Fawkes"&gt;Guy&lt;/a&gt;?
&lt;p&gt;
It's that time of year again; Guy Fawkes day is here, and with it comes the presentation of the annual Ceci award for the year's most significant contribution to clear thinking about identity, privacy, security, and risk.
&lt;p&gt;
Modern Britons often say that Guy Fawkes was "the only man ever to enter Parliament with honorable intentions"; this year's award goes to the US Army, which, with the publication of &lt;a href="http://www.fas.org/irp/doddir/army/fm3-07.pdf"&gt;US Army Field Manual FM 3-07&lt;/a&gt;, has demonstrated that it's about to become the only army ever to enter conflict with honorable intentions.  Here I don't mean that other armies aren't honorable; I do mean that for the first time the US Army has as an explicit goal not only "victory" but also the transformation of conflict zones into stable, peaceful states under the rule of law.  FM 3-07's remarkable opening quote, from Colonel Sir William F. Butler, holds up the example of General Charles George Gordon's British Army as a force more ready to create than to destroy:

&lt;blockquote&gt;
&lt;i&gt;It is needless to say that Charles Gordon held a totally different view of the soldier’s proper sphere of action, and with him the building part of the soldier’s profession was far more important than the breaking part…. The nation that will insist upon drawing a broad line of demarcation between the fighting man and the thinking man is liable to find its fighting done by fools and its thinking by cowards.&lt;/i&gt;
&lt;/blockquote&gt; 

In this spirit, FM 3-07 introduces the notion of "conflict transformation", which it defines as follows:

&lt;blockquote&gt;
Conflict transformation focuses on converting the dynamics of conflict into processes for constructive, positive change. Conflict transformation is the process of reducing the means and motivations for violent conflict while developing more viable, peaceful alternatives for the competitive pursuit of political and socioeconomic aspirations. It aims to set the host nation on a sustainable positive trajectory where transformational processes can directly address the dynamics causing civil strife or violent conflict. It seeks to resolve the root causes of conflict and instability while building the capacity of local institutions to forge and sustain effective governance, economic development, and the rule of law.
&lt;/blockquote&gt;

Contrast this with the goals of our current enemy, as &lt;a href="http://www.nytimes.com/2004/03/14/international/europe/14WIRE-QATAPE.htm?ex=1226034000&amp;en=190b2721e8e57ca9&amp;ei=5070"&gt;recited&lt;/a&gt; by Abu Dujan al Afghani after the Madrid train bombings:

&lt;blockquote&gt;
"You love life and we love death, which gives an example of what the Prophet Muhammad said. If you don't stop your injustices, more and more blood will flow and these attacks will seem very small compared to what can occur in what you call terrorism. 
&lt;/blockquote&gt;

Those who aim only to destroy can never defeat those who aim to create; the contrast is too stark and the choice too obvious.  Winning a war against extremist terrorists should be a sure thing, and it is in the long run - but only if &lt;i&gt;we&lt;/i&gt; offer an alternative that's not based on pure destruction.  Shock and Awe failed this test; FM 3-07 passes it.  Look at the focus on legitimacy:

&lt;blockquote&gt;
Legitimacy is central to building trust and confidence among the people. Legitimacy is a multifaceted principle that impacts every aspect of stability operations from every conceivable perspective. Within national strategy, legitimacy is a central principle for intervention: both the legitimacy of the host nation government and the legitimacy of the mission...
&lt;p&gt;
The credible manner in which intervening forces conduct themselves and their operations builds legitimacy as the operation progresses. Highly professional forces are well disciplined, trained, and culturally aware. They carry with them an innate perception of legitimacy that is further strengthened by consistent performance conforming to the standards of national and international law. For military forces, a clearly defined commander’s intent and mission statement are critical to establishing the initial focus that drives the long-term legitimacy of the mission.
&lt;/blockquote&gt;

An army thoroughly trained in this doctrine would not have suffered the disgrace of Abu Ghraib, and its officers and men would not have countenanced waterboarding.
&lt;p&gt;
We are safe when we are just as well as strong.  If we must use the Army, we should use it not only in a just cause but also in a just fashion.  FM 3-07 provides a foundation for doing that.
&lt;p&gt;
Congratulations to Gen. William Caldwell, LTC Steven Leonard, and the US Army Combined Arms Doctrine Directorate on the publication of FM 3-07.  As always, acceptance comments are not expected but would be most welcome.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-6023034663254513285?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/6023034663254513285/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=6023034663254513285&amp;isPopup=true' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/6023034663254513285'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/6023034663254513285'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2008/11/2008-ceci-award.html' title='The 2008 Ceci Award'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_8frlX3EBcxc/SRHQoFdQd3I/AAAAAAAAADU/IP6IaJlZkyA/s72-c/CECI-award.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-4980716772080533172</id><published>2008-11-04T14:33:00.003-06:00</published><updated>2008-11-15T03:33:34.037-06:00</updated><title type='text'>The End of Taxation</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="http://2.bp.blogspot.com/_8frlX3EBcxc/Rtc1Y3upgWI/AAAAAAAAABI/G34uoua-EEQ/s1600-h/silver+certificate.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://2.bp.blogspot.com/_8frlX3EBcxc/Rtc1Y3upgWI/AAAAAAAAABI/G34uoua-EEQ/s320/silver+certificate.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5104607404040487266" /&gt;&lt;/a&gt;


With the election cycle coming to a close here in the USA, there's lots of the usual talk about tax reform.  During the campaign, Ron Paul, Mike Huckabee, and John McCain endorsed a "fair tax" - basically a flat national sales tax intended to replace the income tax; Sam Brownback and Rudy Giuliani wanted a "flat tax" - a single-rate income tax.  Various candidates wanted to whittle around the edges of the tax code by repealing (or not) the estate tax, raising (or lowering) the capital gains tax, taxing (or not) carried interest, taxing (or not) carbon emissions, raising (or lowering) cigarette and gasoline taxes, and so on.  And of course, Barack Obama wants to cut your taxes if you make under $200,000 - a number Joe Biden can't seem to remember.  The shared consensus underlying all these proposals is that the existing tax code is neither fair nor simple - and this consensus is correct.
&lt;p&gt;
But none of the existing proposals will fix this problem.  They'll just reward the constituency of the winner of tonight's election.  We'll continue to tinker unsuccessfully with the tax code until we come to grips with a fundamental issue: taxation itself is obsolete.
&lt;p&gt;
&lt;a href="http://en.wikipedia.org/wiki/Taxation"&gt;Wikipedia&lt;/a&gt; says taxes originated 5,000 years ago in Egypt.  This might be right, or it might not - we probably don't actually know &lt;i&gt;when&lt;/i&gt; taxation was invented.  But we do know &lt;i&gt;why&lt;/i&gt; it was invented.  It was invented because Pharaoh was a senior executive: instead of &lt;i&gt;doing&lt;/i&gt; work, he &lt;i&gt;supervised&lt;/i&gt; it.
&lt;p&gt;
Although Pharaoh didn't cultivate a garden, he still had to eat:  he had to rely on the fruits of others' labor in order to set his table.  Laborers being laborers, many of those growing the fruits doubted that Pharaoh was earning his supper, so they sent rotten produce, or they sent their regrets.
&lt;p&gt;
And (Pharaoh being Pharaoh) when the laborers sent their regrets, Pharaoh sent his army, and his army took everything they thought Pharaoh might need to impress his dinner guests (plus a little bonus for the Captain, as I'm sure you'll understand).
&lt;p&gt;
In order to minimize conflict (and to keep the Captain poorer than Pharaoh!) this system of royal confiscation was eventually systematized and scheduled, so that the laborers would grow accustomed to the seizures and plan their productivity accordingly (rather than, say, getting all surprised and in a huff, and marching on Thebes with sharp farm implements).   The result was a tax.
&lt;p&gt;
Pharaoh really had no alternative to taxation; he needed grain for his bread and papyrus for his scrolls and tallow for his candles, and the only way to get these things was to go to the people who had them and claim a portion.
&lt;p&gt;
Now flash forward 1500 years and swim the Mediterranean to Rome.  The Republic, and later the Empire, found it inconvenient to scour the landscape for cattle and grain and tallow and wine every time the legions needed to be paid; the logistics were too daunting, and it was tough to remember that Severus wanted 200 candles but Quintus wanted a cow.  So the Romans innovated and came up with a standard &lt;a href="http://en.wikipedia.org/wiki/History_of_money"&gt;medium of exchange&lt;/a&gt; - salt.  Salt was great stuff.  It was infinitely divisible, it was small in proportion to its value, it was imperishable, and it was in lots of demand because you could use it for many useful purposes, including curing meat and hides and flavoring food.  So the legions were paid a "salary" (salt ration).  Quintus could use his valuable salt to make his camp rations taste better, or he could trade it to the local farmer for that cow he had his eye on.
&lt;p&gt;
Commodity media of exchange make taxation much easier.  You don't have to see if the cow Quintus sends to the emperor is scrawny or has foot-in-mouth; all you have to do is weigh the salt.  So the laborers began to bring a portion of their salary to the seat of government and turn it in.  They had to do this, of course, because the Republican (and later the Imperial) tax authorities couldn't just &lt;i&gt;make&lt;/i&gt; salt - they had to collect it.
&lt;p&gt;
Salt is, unfortunately, somewhat tough to test for purity.  And, laborers being laborers, they tended to mix the Emperor's salt with sugar, or quartz crystals, or flour, or cocaine, or any number of other things.  This made it hard for the Emperor's tax collector to know when he was being cheated.  The Emperor hated to be cheated, so he encouraged his tax collectors to innovate.  They did so by switching from salt to metal coinage.  Soft metals can be tested for purity using a touchstone.  Some soft metals are also nice and rare, and they can be turned into pretty jewelry, so they have intrinsic value.  And they have another property which is just irresistible to a megalomaniacal Emperor - you can stamp pictures (of, oh, let's see - the Emperor?) onto them, and those pictures are fairly hard to copy exactly and fairly hard to deface.
&lt;p&gt;
Putting his face on metal coinage gives the coins a property very dear to the heart of the all-powerful Emperor: he can control its supply.  The laborer can't use just any old pure silver as a coin - he can only use a piece of silver with the Emperor's very own personal face (and other symbols of authority and value) stamped on it.  And the Emperor can strictly control who gets to do the stamping.  Now pesky foreign potentates can't get richer than the Emperor, at least on the Emperor's own turf, because only the Emperor can create valuable currency.
&lt;p&gt;
Taxation was still necessary with metal coinage, because, while the Emperor could make &lt;i&gt;coins&lt;/i&gt;, he couldn't make &lt;i&gt;silver&lt;/i&gt; - so he had to have the laborers hand in some of their coins so he could turn around and give them to the people who mined his silver and brought it back to the mint.
&lt;p&gt;
Now flash forward another thousand years or so.  People were getting pretty flush in Europe, and carrying around big bags of metal coins was starting to be a drag.    The bags were heavy, and bandits tended to notice them.  Keeping the bags under your pillow at home was no solution, as it attracted unwanted visitors.  Storage and transport of money, in short, was starting to cause problems. Enterprising merchants, being enterprising merchants, came up with a solution. German merchants began accepting cash deposits and issuing receipts; these receipts (which were much lighter and less conspicuous than bags of cash) could be used to reclaim the deposited amount of metal coinage - either from the merchant who issued the receipt, or from another cooperating merchant.  These merchants quickly started charging for their services; they became &lt;a href="http://en.wikipedia.org/wiki/History_of_banking"&gt;bankers&lt;/a&gt;, and their receipts became a form of paper currency.
&lt;p&gt;
As paper currency established itself, people used it to pay their taxes.  It was still necessary for the government to collect actual currency from its citizens, since the currency was tied directly to the commodities the government needed to use to build its roads, feed and equip its armies, and write and enforce its laws.
&lt;p&gt;
Things worked pretty much this way for a long time; until, in fact, 1975 - at which time the US Government declared that the value of the &lt;a href="http://en.wikipedia.org/wiki/History_of_the_United_States_dollar"&gt;dollar&lt;/a&gt; would no longer be tied to the price of gold.  The dollar thus became a &lt;a href="http://en.wikipedia.org/wiki/Fiat_currency"&gt;fiat currency&lt;/a&gt;, which meant, essentially, that the dollar became valuable "because we say it is" rather than "because you can trade it in for a specific amount of some valuable commodity".
&lt;p&gt;
This is where our hero - J.S.G. Boggs - comes in.  Recall that we first met Boggs way back when we were talking about &lt;a href="http://notabob.blogspot.com/2005/09/similarity-versus-identity.html"&gt;Similarity vs. Identity&lt;/a&gt;.  The question Boggs repeatedly forces us to try to answer is "what is money, and why is it valuable?"  Here's Boggs on Boggs, as told to Lawrence Weschler:

&lt;blockquote&gt;
"Some of the early American paper bills included engravings on the back depicting the metal coins for which the paper bills could at any moment be redeemed.  On the back of the five-dollar silver certificate, put out in 1886, there was a picture of five silver dollars.  If you wanted to know what a five-dollar bill represented in those days, all you had to do was look at the picture on the back.  But anyway, when they started withdrawing the dollar's metal backing - when you couldn't redeem your dollars for gold and in fact were no longer even allowed to possess gold on your own except as jewelry - that's when they started putting that phrase ("In God We Trust") on the currency.  When you could no longer trust in gold, they invited you to trust in God.  It was like a Freudian slip."

"It's all an act of faith.  Nobody knows what a dollar is, what the word means, what holds the thing up, what it stands for.  And that's also what my work is about.  Look  at these things, I try to say.  They're beautiful.  But what the hell &lt;i&gt;are&lt;/i&gt; they?  What do they do?  How do they do it?"
&lt;/blockquote&gt;

In a fiat-currency system, value is "Boggsian"; there doesn't have to be any particular amount of fiat currency, because there's no absolute standard of value, because it's all fundamentally an act of faith.  The basic idea (the "act of faith") behind the value of fiat currency is that the "total wealth" of a society is in some sense equal to the "total value" of all the currency the society has in circulation.  If society's total wealth stays the same but the government prints enough currency to double the money supply, the value of each individual bill is cut in half.  And, conversely, if society's total wealth stays the same but the banks all get together and throw a party at which they burn half of the bills in existence (a depressingly plausible scenario given recent events), the value of each of the remaining bills doubles.
&lt;p&gt;
Let's look at one sentence of the previous paragraph again: &lt;i&gt;If society's total wealth stays the same but the government prints enough currency to double the money supply, the value of each individual bill is cut in half.&lt;/i&gt;  Think about that carefully; what it means is that &lt;i&gt;every time the government prints a dollar, it is effectively taking that dollar away from "everyone"&lt;/i&gt;.  A government which can do this doesn't need to collect taxes; it can just print the money it needs, and the appropriate amount of &lt;i&gt;value&lt;/i&gt; is subtracted from the money you and I &lt;i&gt;still have&lt;/i&gt; - automagically!  Aristotle would hate this; it's action at a distance.  
&lt;p&gt;
It's that simple.  Taxation is no longer necessary.  It's an artifact of an older time when money was made out of stuff instead of made out of ideas.  As soon as enough of us realize this, we can simply close the IRS and H&amp;R Block and the Tax Courts.
&lt;p&gt;
Each year, the congress can simply instruct the Bureau of Engraving and Printing to fire up the presses and fund the federal budget.  This will do the same thing as collecting taxes, but it will do it in a different way: by driving up inflation.  It will be, to coin a phrase, a "Boggs Tax".
&lt;p&gt;
Switching to a Boggs Tax would have a lot of good effects:

&lt;ol&gt;
&lt;li&gt;A Boggs Tax taxes wealth.  It does not tax income, or economic activity, or personal behavior - which is good because taxing any of these always discriminates against some groups and in favor of others.  Because it can't be sheltered against (see below), it taxes the very wealthy much more heavily than the current system does.
&lt;li&gt;It requires no expense to collect.  The government simply prints the money it needs.  There is no tax return preparation, no Internal Revenue Service, no audit, and no court proceeding.
&lt;li&gt;There is no way to shelter against a Boggs Tax - every dollar in existence is automatically taxed. Whether a dollar sits in the Cayman Islands, or in the bank, or in a municipal bond, or in a corporate stock certificate, or in a mattress, the tax is applied to that dollar as if by magic.  A Boggs Tax taxes dollars held overseas just as effectively as those held at home, it taxes dollars held secretly by criminals just as effectively as those held by honest taxpaying citizens, it taxes the "underground" (cash) economy just as effectively as the official economy, and, as a special bonus, it even taxes counterfeit North Korean $100 superbills just as effectively as red-white-and-blue US Bureau of Engraving and Printing honest-to-goodness real $100 bills.
&lt;li&gt;There is only one public-policy argument where before there were two.  Today we have to talk about who we will &lt;i&gt;take money from&lt;/i&gt; and who we will &lt;i&gt;give it to&lt;/i&gt;.  Under a Boggs tax, we only have to decide who to &lt;i&gt;give it to&lt;/i&gt; - since it's taken from every dollar automatically.
&lt;/ol&gt;
&lt;p&gt;
There are a couple of arguments against a Boggs tax; it seems to me that the three most important are these:
&lt;ol&gt;
&lt;li&gt; While a Boggs Tax is radically more progressive than today's tax code at the top end of the wealth scale, it's much more regressive at the bottom end - it taxes the meagre wealth of the poor at the same rate as it taxes the rich.  But there's no real problem here; simple annual subsidies to the poor can relieve their burden, and as a bonus, all government's activities are focused on distributing money (which makes people happy) rather than confiscating it (which makes them angry), so the quality of the average citizen's interactions with government improves.
&lt;li&gt; There is evidence to suggest that high inflation makes economies unstable, so a system which operates by increasing inflation might have bad economic effects.  I'm not an economist, and I have no desire to play one on TV, so I'll leave this one, for the most part, to the professionals.  But I will observe that we already pay an economic cost for our current tax system; operating the IRS and the tax courts, and requiring every citizen to burn a day (or a week) of productive time or pay an accountant to prepare tax returns is a real cost to the economy.  Paying this cost produces nothing of value; it's pure economic friction.  My guess is that the inflation incurred by a Boggs Tax would be smaller than the total of tax receipts plus collection friction, so the Boggs Tax would have a net positive effect on productivity.
&lt;li&gt; The third objection is the biggie: using inflation to collect taxes guarantees that the value of a dollar held as an investment decreases over time.  This means that the dollar's value as a reserve currency is diminished, and it also means that dollar-denominated investments operate at a disadvantage compared to investments in currencies which do not inflate.  Again the details of how this would affect the real economy have to be left to economists, but again there's a counter-argument: if a Boggs Tax makes the economy as a whole more efficient (and I hypothesize that it should), inflation due to causes other than taxation might decline - and the overall rate of inflation might not be extreme compared to other economies.  Calculating how much inflation the Boggs Tax would create seems tricky.  The &lt;a href="https://www.cia.gov/library/publications/the-world-factbook/print/us.html"&gt;CIA World Factbook&lt;/a&gt; gives a figure of $2.73 Trillion for the US Federal budget.  This is the numerator in the inflation calculation, but the denominator is slipperier.  It's not GDP (which according to the same source was $13.84 Trillion dollars in 2007) - because GDP only measures newly created wealth for a year.  The denominator also doesn't seem to be M2 (the total money supply of the nation, which according to &lt;a href="http://en.wikipedia.org/wiki/Money_supply"&gt;Wikipedia&lt;/a&gt; was about $7 Trillion in 2005).  The correct denominator is something like "total dollar-denominated wealth in the world"; I can't find a statistical source for this, but it's evidently quite big; according to &lt;a href="http://en.wikipedia.org/wiki/Wealth_in_the_United_States"&gt;Wikipedia&lt;/a&gt; again, the total wealth of US households and nonprofit organizations (which doesn't count corporate wealth or dollar-denominated assets held overseas) was about $60 Trillion in 2007.  
If we're very conservative and simply double the US personal wealth number to $120 Trillion, this gives us a figure of about 4% annual inflation for using a Boggs Tax to fund the current US Federal budget - not trivial, but not crippling either.
&lt;/ol&gt;
I don't imagine the administration we elect today will switch the US to a Boggs Tax, at least not in its first term.  But I do think a Boggs Tax is coming; traditional taxation is just too twentieth-century to survive in an information economy.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-4980716772080533172?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/4980716772080533172/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=4980716772080533172&amp;isPopup=true' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/4980716772080533172'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/4980716772080533172'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2008/11/end-of-taxation.html' title='The End of Taxation'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_8frlX3EBcxc/Rtc1Y3upgWI/AAAAAAAAABI/G34uoua-EEQ/s72-c/silver+certificate.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-7278832657707365219</id><published>2008-10-16T00:51:00.002-05:00</published><updated>2008-10-16T01:14:44.046-05:00</updated><title type='text'>The Last Polaroid</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="http://farm4.static.flickr.com/3028/2708424181_18b787e44d.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px;" src="http://farm4.static.flickr.com/3028/2708424181_18b787e44d.jpg" border="0" alt="" /&gt;&lt;/a&gt;
&lt;p&gt;
Photographers today like to call their pictures "images".  But when I was a kid, photographs weren't "images".  "Images", to quote Abraham, are formless and void.   When I was a kid, photographs had very specific forms. When I was a kid, photographs were &lt;i&gt;things&lt;/i&gt;. 
&lt;p&gt;
School photos came in little blue cardboard frames.  Slides came in much smaller frames; Kodachromes were the best slides, and they came in tiny, square paper frames with rounded corners and a Kodak logo on the front, with the frame number and date stamped in ink on each one.  And Polaroids - ah, Polaroids.
&lt;p&gt;
Polaroids came with a gray backing, a white frame, and a slight curl.  And they came right away.  
&lt;p&gt;
You pulled them out of the camera, watched your second hand count to 45, peeled the picture off the backing paper (don't touch that!  It's coated with caustic goo!), smeared the slimy (and slightly mysterious) pink wand across the picture, and there you were - a fully developed photograph in less than a minute. Later - when I was about 10 - Polaroid invented integral film; it didn't even need to be peeled apart, and you could watch the picture emerge like a magic trick from a plain white rectangle of plastic.  And it still took less than a minute!
&lt;p&gt;
A minute seems like forever to kids who grew up using digital cameras, but to us a minute was a miracle.  
&lt;p&gt;
Here's what we were used to: buy a roll of film.  Shoot for about a week (really!  It took us a week to find 24 things worth photographing!  Today's DSLR users shoot that many pictures in six seconds!).  Unload the film and put it in a mailing envelope addressed to Kodak in Rochester, New York.  Drop the envelope in a mailbox.  Spend another week checking mail every day to see if the pictures are back yet.  Finally!!!  Rip open the red-and-yellow return envelope and take out our twenty-four little &lt;i&gt;things&lt;/i&gt;.  
&lt;p&gt;
The weeks of suspense died with Polaroid - but not the excitement.  The excitement of Polaroid - for my generation anyway - has never died.  But Polaroid itself is dying now.
&lt;p&gt;
Polaroid instant film was introduced in the late 50s, and integral Polaroid film (no peeling apart) came on the scene in the early 70s.  All Polaroid instant film production is being discontinued this year (though Polaroid will continue to market a very limited selection of instant films produced by Fuji, at least for a while).  
&lt;p&gt;
My generation's relationship with Polaroid instant film is unique; we were the kids in the Polaroid pictures; when you see a Polaroid of a child, it's one of us. Not coincidentally, I think we may also be the last generation for whom photographs are things and not just "images".
&lt;p&gt;
I went back to see my generation this summer at my 30th high school reunion.  I heard the news that Polaroid was going to stop making instant film as I was planning my trip.  It occurred to me that I had a decent supply of 4x5 Polaroid Type 56 film in my closet waiting for a project, so I cleaned up my 4x5 camera and put it in the car before I hit the road and headed for Bryan High School.
&lt;p&gt;
I told my classmates at the beginning of the reunion dinner that Polaroid was going away, and that I'd be happy to give each of them the last Polaroid they were likely to have of themselves.
&lt;p&gt;
A lot of people took me up on the offer.  I took 70 pictures in about two and a half hours; each one took about a minute to shoot and develop, and I rephotographed each one with a digital camera on a copystand.  It was a great experience; I probably talked to more of my classmates than anyone else at the reunion, and the classmates I photographed seemed to be having a great time with the process.  A lot of them liked the pictures, and I did too.
&lt;p&gt;
For me, one of the most interesting parts of the experience was that people really did get unique, one-of-a-kind things.  My digital copies are different from the originals for several reasons; the copystand legs cast shadows on the pictures because I used room lighting instead of copy lighting.  I had to use a glass plate to hold the curly Polaroids flat, and over the course of the evening the plate developed a film of crud from the surfaces of the pictures, and from my fingerprints.
&lt;p&gt;
It's a great irony that digital technology, with its ability to generate perfect copies, left me with imperfect shadows of the unique, original artifacts my subjects took home with them.  I love that.
&lt;p&gt;
I loved the process too, and the subjects.  The Bryan High School class of 1978 are the people I grew up with, and who, to a large extent, made me who I am.  It was wonderful to see them again, and to be able to give them something unique as a memento of our getting together in 2008.  I'd like to think you can see a little bit of what makes them so special in the pictures.  I call the project "The Last Polaroid"; you can see the digital copies of the Polaroid originals &lt;a href="http://www.flickr.com/photos/blakley/sets/72157606407621272/show/"&gt;here&lt;/a&gt;.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-7278832657707365219?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/7278832657707365219/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=7278832657707365219&amp;isPopup=true' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/7278832657707365219'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/7278832657707365219'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2008/10/last-polaroid.html' title='The Last Polaroid'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-5996895057578802872</id><published>2008-09-26T22:53:00.004-05:00</published><updated>2008-09-26T23:02:17.770-05:00</updated><title type='text'>A Simple 
Question for Congress</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_8frlX3EBcxc/SN2v0z1_eZI/AAAAAAAAADM/ExB91LmtcZY/s1600-h/118385487_5eeaafc5bd_o.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://2.bp.blogspot.com/_8frlX3EBcxc/SN2v0z1_eZI/AAAAAAAAADM/ExB91LmtcZY/s320/118385487_5eeaafc5bd_o.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5250546062388590994" /&gt;&lt;/a&gt;
Last time I checked, I live in a capitalist country.
&lt;p&gt;
In capitalist countries, when I spend money to buy part of a bank, what I get in return is shares in the bank.
&lt;p&gt;
Congress wants to spend $700 Billion of taxpayer money to buy some banks.
&lt;p&gt;
They say there's going to be a profit involved, which is why it's OK to use my money.
&lt;p&gt;
By my calculations, $700 Billion dollars divided by 350 Million people is $2,000 for each US citizen - including me.
&lt;p&gt;
So what I want to know is: how many shares of these banks am I buying for my $2,000?
&lt;p&gt;
And when is Congress going to send me my stock certificates?
&lt;p&gt;&lt;i&gt;
(photo by &lt;a href="http://www.flickr.com/photos/missbeckles"&gt;missbeckles&lt;/a&gt;)&lt;/i&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-5996895057578802872?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/5996895057578802872/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=5996895057578802872&amp;isPopup=true' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/5996895057578802872'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/5996895057578802872'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2008/09/simple-question-for-congress.html' title='A Simple Question for Congress'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_8frlX3EBcxc/SN2v0z1_eZI/AAAAAAAAADM/ExB91LmtcZY/s72-c/118385487_5eeaafc5bd_o.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-234282466624967470</id><published>2008-07-18T13:23:00.016-05:00</published><updated>2008-11-15T03:33:34.781-06:00</updated><title type='text'>Round Up the Usual Suspects</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_8frlX3EBcxc/SIEIQD_fW0I/AAAAAAAAADE/lVmj_Axf7tY/s1600-h/2407622139_9df0a07c29.jpg"&gt;&lt;img 
style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://3.bp.blogspot.com/_8frlX3EBcxc/SIEIQD_fW0I/AAAAAAAAADE/lVmj_Axf7tY/s320/2407622139_9df0a07c29.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5224466114769017666" /&gt;&lt;/a&gt;
As a birthday present to me, the FBI's Terrorist Watch List database added its one millionth entry this week, &lt;a href="http://www.aclu.org/privacy/spying/watchlistcounter.html"&gt;according to the ACLU's estimate&lt;/a&gt;.
&lt;p&gt;
I've been waiting for this event, because the one millionth entry gives us a nice round number to do the calculations which demonstrate that the terrorist watch list is as close to completely useless as it's possible for a manmade artifact to get.  (Note that the database doesn't actually contain a million identities; it's got a million records representing - at a guess - about 400,000 distinct individuals.  But since it's my birthday we're gonna pretend that there are a million identities, in order to make all the math turn out nice and pretty.)
&lt;p&gt;
Let's assume that we know the names of 1,000 terrorists, and that there are another 9,000 people with terrorist intent whose names we don't know.  
&lt;p&gt;
According to the Department of Commerce, about 46 million international travellers visited the United States in 2004; the number seems to be holding pretty steady at &lt;a href="http://www.traveldailynews.com/pages/show_page/26461"&gt;about 4 million visitors a month&lt;/a&gt;.  For ease of calculation we'll round this up very slightly to 50 million a year.  
&lt;p&gt;
When you add this to &lt;a href="http://articles.latimes.com/2008/may/03/business/fi-travel3"&gt;more than 25 million Americans&lt;/a&gt; travelling abroad each year (it's really more than that; 25 million is just for the summer), you've got in excess of 75 million people crossing the borders in a year.
&lt;p&gt;
Not a lot of them are terrorists; let's say we get 500 terrorists a year trying to get into the country, and that of these 500, 10% (50) are known bad guys and 450 are new recruits who we don't yet know are bad guys.
&lt;p&gt;
So to sum up, each year we expect to have:
&lt;ul&gt;
&lt;li&gt;1,000 known terrorists
&lt;li&gt;9,000 unknown terrorists
&lt;li&gt;10,000 total terrorists
&lt;li&gt;1,000,000 watch list entries
&lt;li&gt;at least 1,000 and no more than 10,000 actual terrorists on the watch list
&lt;li&gt;at least 990,000 non-terrorists on the watch list
&lt;li&gt;75,000,000 total border crossers
&lt;li&gt;500 terrorist border crossers
&lt;li&gt;50 known terrorist border crossers
&lt;li&gt;450 unknown terrorist border crossers
&lt;li&gt;74,999,500 total non-terrorist border crossers
&lt;/ul&gt;
&lt;i&gt;IMPORTANT NOTE: If you don't like my numbers, I invite you to plug your own numbers into the calculations below.  For any plausible set of numbers, the conclusion will remain the same.  If you prefer an implausible set of numbers, there are lots of conspiracy theory blogs which will probably make you a happier person than you'll be if you keep reading here - or you could wait a week or two and catch the opening of "The X-Files: I Want To Believe"&lt;/i&gt;.
&lt;p&gt;
Let's assume that all variables are independent and random, and let's assume that there's never any error in matching a person against a name on the watch list. There are six cases of interest at a border crossing:
&lt;ol&gt;
&lt;li&gt;&lt;i&gt;Non-terrorist is checked and does not match an entry on the list.&lt;/i&gt; Since there are  990,000 non-terrorists on the watch list, there are (74,999,500) - (990,000) = 74,009,500 non-terrorists who are not on the watch list, and this event happens in (74,009,500) / (75,000,000) = 98.7 percent of the cases. 
&lt;li&gt;&lt;i&gt;Non-terrorist is checked and matches an entry on the list.&lt;/i&gt; Since there are 990,000 non-terrorists on the list, this event happens in (990,000) / (75,000,000) = 1.3 percent of the cases.
&lt;li&gt;&lt;i&gt;Known terrorist is checked and does not match an entry on the list.&lt;/i&gt;  We don't make matching mistakes, so this event doesn't ever happen.
&lt;li&gt;&lt;i&gt;Known terrorist is checked and matches an entry on the list.&lt;/i&gt;  This happens every time a known bad guy tries to enter the country.  On the other hand, only 500 bad guys enter the country, and only 50 of them are &lt;i&gt;known&lt;/i&gt; bad guys, so this event happens in (50) / (75,000,000) = 0.00007 percent of the cases.
&lt;li&gt;&lt;i&gt;Unknown terrorist is checked and matches an entry on the list.&lt;/i&gt;  Since this guy is an unknown terrorist, the probability that his name is on the list is the same as the probability that an innocent civilian's name is on the list.  That probability is 1 in 75 (1,000,000 names on the list; 75,000,000 total travellers).  There are 450 unknown terrorists crossing the border, so (450) / (75) = 6 of their names are on the list.  So this event happens in (6) / (75,000,000) = 0.000008 percent of the cases.
&lt;li&gt;&lt;i&gt;Unknown terrorist is checked and does not match an entry on the list.&lt;/i&gt;  444 unknown terrorists who try to cross the border aren't on the list, so this happens in (444) / (75,000,000) = 0.0006 percent of the cases.
&lt;/ol&gt;
&lt;p&gt;
Now let's have a look at the results in rank order.
&lt;center&gt;
&lt;table width="400" border="3" cellpadding="25" cellspacing="0"&gt;
&lt;tr&gt;
&lt;td align="left"&gt;&lt;b&gt;Outcome&lt;/b&gt;&lt;/td&gt;&lt;td align="right"&gt;&lt;b&gt;Occurrences&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td align="left"&gt;Innocent non-match &lt;/td&gt;&lt;td align="right"&gt; 74,009,500&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td align="left"&gt;Innocent match &lt;/td&gt;&lt;td align="right"&gt; 990,000&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td align="left"&gt;Unknown terrorist non-match &lt;/td&gt;&lt;td align="right"&gt; 444&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td align="left"&gt;Known terrorist match &lt;/td&gt;&lt;td align="right"&gt; 50&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td align="left"&gt;Unknown terrorist match &lt;/td&gt;&lt;td align="right"&gt; 6&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td align="left"&gt;Known terrorist non-match &lt;/td&gt;&lt;td align="right"&gt; 0&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;&lt;/center&gt;
&lt;p&gt;
We match (50 + 6) / (444 + 50 + 6) = 11.2% of terrorists using this scheme.
&lt;p&gt;
Of the people matched, (50 + 6) / (990,000 + 50 + 6) = 0.006% are terrorists.  Put another way, 99.994% of all people matched are innocent.
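&lt;p&gt;
The six-case arithmetic above, as an added example that is not part of the original post: a small Python model whose defaults are the post's figures, so other numbers can be plugged in. The names Scenario, outcomes, metrics and sweep are this example's own, and the 100,000 and 10,000,000 list sizes in the sweep are constructed inputs.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    """Inputs to the post's model; the defaults are the post's own figures."""
    total_crossers: int = 75_000_000
    terrorist_crossers: int = 500
    known_terrorist_crossers: int = 50
    list_entries: int = 1_000_000
    total_terrorists: int = 10_000  # known + unknown: upper bound on listed terrorists


def outcomes(s):
    """Expected yearly count for each of the six border-crossing cases."""
    # Same simplifications as the post: name matching is perfect, and every
    # listed non-terrorist is among the year's border crossers.
    innocent_crossers = s.total_crossers - s.terrorist_crossers
    innocents_on_list = min(innocent_crossers,
                            max(0, s.list_entries - s.total_terrorists))
    unknown = s.terrorist_crossers - s.known_terrorist_crossers
    # An unknown terrorist is on the list only by chance, at the same rate as
    # any other traveller: list_entries / total_crossers (1 in 75 by default).
    unknown_match = min(unknown, unknown * s.list_entries / s.total_crossers)
    return {
        "innocent non-match": innocent_crossers - innocents_on_list,
        "innocent match": innocents_on_list,
        "unknown terrorist non-match": unknown - unknown_match,
        "known terrorist match": s.known_terrorist_crossers,
        "unknown terrorist match": unknown_match,
        "known terrorist non-match": 0,  # perfect matching, so never happens
    }


def metrics(s):
    """Share of terrorists matched, share of matches that are terrorists,
    and innocent matches an operator sees per terrorist match."""
    o = outcomes(s)
    hits = o["known terrorist match"] + o["unknown terrorist match"]
    flagged = hits + o["innocent match"]
    return {
        "terrorists_matched": hits / s.terrorist_crossers,
        "matches_that_are_terrorists": hits / flagged,
        "innocent_matches_per_hit": o["innocent match"] / hits,
    }


def sweep(list_sizes, base=Scenario()):
    """Re-run the model for several list sizes, holding everything else fixed."""
    return [(n, metrics(replace(base, list_entries=n))) for n in list_sizes]


if __name__ == "__main__":
    for name, count in outcomes(Scenario()).items():
        print(f"{name:30} {count:>14,.0f}")
    print()
    # 1,000,000 is the post's list size; the other two are constructed inputs.
    for n, m in sweep([100_000, 1_000_000, 10_000_000]):
        print(f"list={n:>11,}  "
              f"terrorists matched={m['terrorists_matched']:.1%}  "
              f"matches that are terrorists={m['matches_that_are_terrorists']:.4%}  "
              f"innocent matches per hit={m['innocent_matches_per_hit']:,.0f}")
```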
&lt;p&gt;
It's bad enough that we're letting 90% of the terrorists cross our border without additional checks, and that we're putting 990,000 innocent people through unnecessary additional checks.  
&lt;p&gt;
What's worse is that we're probably arresting some of those 990,000 innocent people because they matched the list and "seem suspicious" (ask Brandon Mayfield about this!).  
&lt;p&gt;
What's even worse than this is that we're training the people who operate the system to ignore the &lt;i&gt;real&lt;/i&gt; terrorist matches when they happen.  9999 out of every 10,000 matches is a false match.  After the first 5,000 or so false matches, normal humans start to assume that every match is a false match (this is called &lt;a href="http://en.wikipedia.org/wiki/Habituation"&gt;"habituation"&lt;/a&gt;, or &lt;a href="http://en.wikipedia.org/wiki/The_Black_Swan_(book)"&gt;"the fallacy of induction"&lt;/a&gt;).  When that one true match (a real terrorist) sets off the alarm, the operator's natural tendency is just to turn the alarm off and wave the guy through.
&lt;p&gt;
But what's worst of all is that this system is trivially easy for even the dumbest terrorist to circumvent.  It doesn't take a genius to figure out that the thing to do to defeat this system is &lt;i&gt;stop sending known terrorists through it&lt;/i&gt;.  Catching a new recruit without a terrorist history happens only by accident, and it happens with very low probability.
&lt;p&gt;
We're spending God knows how many millions of dollars on this list, and it cannot possibly do the job for which it's intended.  We could "fix" the system to the extent that we provide a way to take innocent people off it, but it will always be the case that the huge majority of people checked against the list are innocent.  As long as this is the case, the &lt;a href="http://en.wikipedia.org/wiki/Base_rate_fallacy"&gt;base rate fallacy&lt;/a&gt; will make the system essentially worthless for catching bad guys.  And this is even if the bad guys are dumb enough to enter the country at controlled border crossings and send known terrorists using papers issued under their real names.
&lt;p&gt;
I realize that it's bureaucratically impossible to dismantle a large government system which has been publicly criticized, so in a helpful and public-spirited gesture I'll offer the following alternative suggestion:
&lt;p&gt;
&lt;center&gt;&lt;b&gt;Put everybody on the list.&lt;/b&gt;&lt;/center&gt;
&lt;p&gt;
It's cheap, it's fast, it's inevitable eventually anyway as long as the list continues to grow at its current rate, and it makes checking people against the list really easy (you can do it even without a computer!).
&lt;p&gt;
After you've put everybody on the list, implement something that might actually work as your secondary screening process.
&lt;p&gt;
Bruce blogged about the absurdity of the watch list &lt;a href="http://www.schneier.com/blog/archives/2008/07/congratulations.html"&gt;here&lt;/a&gt;.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-234282466624967470?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/234282466624967470/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=234282466624967470&amp;isPopup=true' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/234282466624967470'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/234282466624967470'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2008/07/round-up-usual-suspects.html' title='Round Up the Usual Suspects'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_8frlX3EBcxc/SIEIQD_fW0I/AAAAAAAAADE/lVmj_Axf7tY/s72-c/2407622139_9df0a07c29.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-7933127917423060010</id><published>2008-01-27T00:29:00.000-06:00</published><updated>2008-11-15T03:33:36.727-06:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='drm'/><category scheme='http://www.blogger.com/atom/ns#' term='economics'/><category scheme='http://www.blogger.com/atom/ns#' term='radiohead'/><category 
scheme='http://www.blogger.com/atom/ns#' term='hollywood'/><category scheme='http://www.blogger.com/atom/ns#' term='newstudio'/><title type='text'>The New Studio</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_8frlX3EBcxc/R5v4tWpm46I/AAAAAAAAACE/F9stiCwiYC0/s1600-h/DRMcat.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://1.bp.blogspot.com/_8frlX3EBcxc/R5v4tWpm46I/AAAAAAAAACE/F9stiCwiYC0/s320/DRMcat.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5159991256140932002" /&gt;&lt;/a&gt;
&lt;p&gt;
I have a bet with a colleague.  It's a very serious bet with the highest possible stakes (No, silly, not our immortal souls.  A bottle of good Scotch).
&lt;p&gt;
My colleague thinks that either movies or music will still be sold with Digital Rights Management in 2012.  I, on the other hand, know DRM will be long gone by then.  It should be gone now, because it doesn't work.  But that's not why it will be gone.  It will be gone because it's bad for business.  
&lt;p&gt;
DRM is bad for business for lots of reasons, but the most important reason is very, very simple.  
&lt;p&gt;
All products generate sales by exposing people to the product.  People who are exposed to the product and don't like it aren't potential customers; they'll never pay.  The people who like the product after they're exposed to it are potential customers; they're the addressable opportunity - the "fan base".  The people who like the product &lt;i&gt;and decide to buy it&lt;/i&gt; are the paying customers.  The trick in business is to maximize the number of paying customers.
&lt;p&gt;
The first step in the DRM business model is this:
&lt;ol&gt;
&lt;li&gt;Shrink the fan base by making it impossible for potential fans to try the product.
&lt;/ol&gt;
Any business model that starts this way will be destroyed by a business model that increases the size of the fan base.
&lt;p&gt;
The music industry has figured this out, and &lt;a href="http://gizmodo.com/340598/drm-officially-dead-last-major-label-sony-bmg-plans-to-finally-drop-drm"&gt;DRM for music is already dead&lt;/a&gt;. Every major label now sells DRM-free music, and Radiohead has proved pretty conclusively that &lt;a href="http://www.marketingvox.com/archives/2008/01/04/radioheads-indie-digital-release-a-financial-success-for-band/ "&gt;people will pay good money&lt;/a&gt;, voluntarily, if you put good music up on the Web with no restrictions.  Not only that, they'll &lt;a href="http://www.dailymotion.com/video/x3z9tk_radiohead-in-rainbows-full-package_shortfilms"&gt;pay a premium for limited-edition collector's sets&lt;/a&gt;, and they'll &lt;a href="
http://www.nytimes.com/2008/01/10/arts/music/10radio.html?ref=music"&gt;still buy shipping containers full of your CDs&lt;/a&gt; - and your brand new &lt;a href="http://store.acousticsounds.com/browse_detail.cfm?Title_ID=42803"&gt;&lt;i&gt;vinyl LPs&lt;/i&gt;&lt;/a&gt;.
&lt;p&gt;
It's amazing that it took Steve Jobs to teach the music business that DRM was a bad bet; after all, record label executives are the same people who used to &lt;a href="http://en.wikipedia.org/wiki/Payola"&gt;bribe DJs to give music away free on the radio&lt;/a&gt;.  But two cheers to the labels anyway; freeing music will result in more music and better music; it may even allow artists to keep some of the money they are currently turning over to agents, managers, and label executives. (well, ok, probably not.  But we can always hope.)
&lt;p&gt;
Hollywood is lagging behind the music business; Hollywood still hasn't admitted that the DRM business model is a guaranteed loser.  There's a reason Hollywood hasn't admitted this: the stakes are too high.  As &lt;a href="http://en.wikipedia.org/wiki/Upton_Sinclair"&gt;Upton Sinclair&lt;/a&gt; famously put it, "It is difficult to get a man to understand something when his salary depends on his not understanding it".
&lt;p&gt;
Hollywood isn't run by people who watch movies or who make movies.  It's run by people who fund movies.  The purpose of a modern movie studio is not to make movies.  It's to make money.  A lot of money.  Not for directors or actors or writers (&lt;i&gt;especially&lt;/i&gt; not for writers!), but for studio executives and producers.  Whether the &lt;i&gt;movies&lt;/i&gt; are good is a minor concern.  The major concern is whether the &lt;i&gt;revenues&lt;/i&gt; are good.
&lt;p&gt;
At this point I want to make it clear that I am a capitalist, and I'm completely behind the idea of businesses making a profit.  The problem I have with the Hollywood studios is that their business model is increasingly driving them to try to make more money by making the product worse.  This is bad for the audience, of course, because it means we have to watch a lot of awful movies.  But in the long run it's also bad for the studios, because it means that someone is going to come along and put them out of business by making a better product for less money (Clayton Christensen explained how this phenomenon kills successful companies in his book &lt;a href="http://www.amazon.com/Innovators-Dilemma-Revolutionary-Business-Essentials/dp/0060521996/ref=pd_bbs_sr_1?ie=UTF8&amp;s=books&amp;qid=1201413993&amp;sr=8-1"&gt;"The Innovator's Dilemma"&lt;/a&gt;.  If you're a studio executive, read the book.  Now, before it's too late.  If you're too busy to read the book, you can just read &lt;a href="http://en.wikipedia.org/wiki/Disruptive_technology"&gt;the Wikipedia entry&lt;/a&gt;.)
&lt;p&gt;
Movies are hugely expensive today.  Paying movie stars is very expensive; exotic locations are very expensive; special effects are very expensive; unionized crew and soundstages are very expensive; and distribution and advertising are insanely expensive.  If you believe Wikipedia, the average cost to produce a Hollywood feature is now &lt;a href="http://en.wikipedia.org/wiki/B-movie"&gt;about $50 million&lt;/a&gt;; the cost of advertising and distribution drives the total to $100 million.
&lt;p&gt;
This is a big problem for the studios.  If you're spending $100 million, you can't afford a failure.  You've got to make the $100 mil back just to break even.  
&lt;p&gt;
You might think people who are putting $100 million into a movie and who can't afford a failure would make damn sure the movie was great.
&lt;p&gt;
You'd be wrong.  
&lt;p&gt;
You &lt;i&gt;can't&lt;/i&gt; make a great enough movie to guarantee $100 million dollars in ticket sales; almost no stories are that good, and almost no movies are that good.  Even movies which &lt;i&gt;are&lt;/i&gt; that good won't necessarily make $100 million - maybe they'll just win a lot of Oscars and change the way a generation thinks about the world - and leave you famous and $80 million in debt.
&lt;p&gt;
Studio executives are smart businesspeople.  They know they can't make a good enough movie to &lt;i&gt;earn&lt;/i&gt; a profit on a $100 million investment.  So instead they do the only thing they can.  They make movies which will sell more than $100 million worth of tickets &lt;i&gt;even if they suck&lt;/i&gt;.  
&lt;p&gt;
They do this by appealing to their audience the same way the Roman emperors appealed to their audience: bread and circuses.  Brad Pitt all oiled up in leather armor?  You got it.  Bruce Willis crashing a car into a helicopter?  No problem.  Halle Berry giving a blowjob?  Absolutely.  You want the good guys to win?  We can do that.  Want the guy to get the girl?  Why the hell not?
&lt;p&gt;
This stuff is mesmerizing in the previews.  But once the audience gets into the theater, the game's up.  The audience figures out very quickly that they've been tricked.  The story makes no sense.  The special effects are just a gimmick to distract us from the boredom of the action.  The sex isn't as good as what we can get free on the Internet.  The characters are two-dimensional robots; we hope in vain that they'll die.
&lt;p&gt;
By the time the audience is in the theater, though, it's too late - the studio has won.  All the studio needs is four days.  Opening weekend.  The studio makes its money before the audience realizes the movie sucks, and before they can tell their friends.  The chumps who wander into the theater a week later, or watch the movie in foreign markets, or buy the DVD, are gravy.
&lt;p&gt;
Theater owners and distributors love this.  Zillion-dollar blockbusters with lots of sex and blood and explosions and huge advertising budgets keep the seats filled, and the money keeps pouring in.
&lt;p&gt;
The dark side of all this, of course, is that there are no theater seats left for good movies - especially good movies with small advertising budgets.  Even if you save your pennies and make a very good movie for $1 million, you still have to pay $40 million in advertising and distribution to compete with the people who make bad $100 million movies.
&lt;p&gt;
Actors and directors know this, and they do things to try to sneak the occasional good film into the theaters.  George Clooney makes movies that suck (Ocean's Twelve) to earn enough money to advertise movies that don't (Good Night and Good Luck).  Robert Redford runs &lt;a href="http://www.sundance.org/festival/"&gt;a festival&lt;/a&gt; whose whole purpose is to convince distributors that good movies have a big enough audience to fill a few of their valuable seats for a week or two.
&lt;p&gt;
All this explains why DRM makes sense to movie studios; the single most important thing a studio has to do is to make sure nobody sees the movie before opening weekend.  Because if anybody sees it early and starts telling people it's no good, the whole house of cards collapses, and everybody loses giant piles of cash.  If DRM can allow studios to send the movie to reviewers and Oscar voters without taking a chance that a copy will get loose and screw up the release - well, bring it on!  If it can protect dailies and rough cuts and test screening copies from escaping into the wild - hallelujah!  This is the most important reason studios use DRM; preventing DVD piracy is nice, but a tax on recordable DVDs would do that job just as well, and a tax on DVD drives or computers would solve any problem the studios might have with P2P sharing.
&lt;p&gt;
The elephant in the room is this: &lt;i&gt;Seats don't watch movies.  People's eyes do.&lt;/i&gt;  And movie fans can use their eyes even if they're not in a scarce and expensive movie seat.
&lt;p&gt;
If you can make a good movie really cheap, the Internet will let you distribute it free to many more people than you could ever get into all the movie theaters in the world for a weekend.  And if you can make a good movie really cheap, you don't need to get paid very much to make a profit.  
&lt;p&gt;
This means you can take a chance the Hollywood studios can't take.  If you can make a movie really cheap, and distribute it for free, you can afford a flop.  If people don't like the movie, you're out a few bucks but you don't have to sell ten thousand pounds of crystal meth to pay your creditors.  But if people really love it, you can make a lot of money.  And you can make money lots of ways - you can charge for downloads, you can charge for DVDs, you can charge for posters, you can charge for action figures. You can even charge distributors to show your movie in a real theater, because you've already proved that there's an audience.
&lt;p&gt;
Wanna know a secret? 
&lt;p&gt;
You can make a good movie really cheap.  
&lt;p&gt;
Just ask &lt;a href="http://en.wikipedia.org/wiki/Robert_Rodriguez"&gt;Robert Rodriguez&lt;/a&gt;.  (And he did it back when it was still pretty hard; you're much better off.  You can &lt;i&gt;buy&lt;/i&gt; your own HD camcorder for less than $1,000.  Not chicken feed, but not close to $100 million.  You'll need a good script and good actors, of course, but hey - nobody promised you a rose garden.)
&lt;p&gt;
The Hollywood studios know this.  
&lt;p&gt;
It frightens them.  
&lt;p&gt;
It should.
&lt;p&gt;
Someone's going to come along and create a New Studio.  It's going to have a new business model that lets creative people make a decent living making good, cheap movies.  It's going to trust its audience to pay for quality films.  It's going to grow its fan base by distributing entire movies on the Internet with no DRM, just as Radiohead distributed music on the Internet with no DRM.  And if the old Hollywood studios try to compete against it with DRM-encumbered movies that shrink their fan base while the New Studio grows its fan base, the Hollywood studios are going to die.
&lt;p&gt;
Mike Masnick at Techdirt has already explained &lt;a href="http://techdirt.com/articles/20070503/012939.shtml"&gt;the theory of how to make money selling free goods&lt;/a&gt;.  I won't try to summarize Mike's Grand Unified Theory of the Economics of Free because I want you to read the real thing. But I do want to agree publicly with what I think is his most important point: 
&lt;p&gt;
&lt;i&gt;"Saying you can't compete with free is the same as saying you can't compete period."&lt;/i&gt;
&lt;p&gt;
I'm going to try to apply Mike's theory to the movie industry by posting a business plan for the New Studio.  I'll do it in chapters.  I hope you like it.  I hope you use it.  I'm waiting to see your movies.
&lt;p&gt;
Maybe you don't believe it can be done; fair enough.  But if you don't think you can compete and make money by selling people things they could get for free, I want to ask you one question.
&lt;p&gt;
When was the last time you bought a bottle of water?&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-7933127917423060010?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/7933127917423060010/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=7933127917423060010&amp;isPopup=true' title='14 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/7933127917423060010'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/7933127917423060010'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2008/01/new-studio_27.html' title='The New Studio'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/_8frlX3EBcxc/R5v4tWpm46I/AAAAAAAAACE/F9stiCwiYC0/s72-c/DRMcat.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>14</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-6103636258913329768</id><published>2008-01-26T21:34:00.000-06:00</published><updated>2008-01-27T00:54:17.201-06:00</updated><title type='text'>What rough beast, its hour come round at last.... 
?</title><content type='html'>Online retailer &lt;a href="http://www.lifeisgood.com"&gt;Life is good&lt;/a&gt; has entered into a consent decree with the &lt;a href="http://www.ftc.gov/"&gt;US Federal Trade Commission&lt;/a&gt; to settle claims that its assurances of privacy protection to consumers were false.  Davis, Wright, Tremaine LLP's excellent Privacy and Security Law blog has coverage of the decree &lt;a href="http://www.privsecblog.com/archives/federal-regulation-ftc-data-security-consent-decree-suggests-minimum-steps-companies-must-take.html"&gt;here&lt;/a&gt;.
&lt;p&gt;
Corporate counsel and Chief Information Security Officers need to pay very close attention to this decree; it lays the groundwork for a standard of due care in the protection of consumers' private information.  In my opinion this is, to use Churchill's famous phrase, "the end of the beginning" for information security and privacy as a liability-free zone.
&lt;p&gt;
Bruce Schneier, who has just been &lt;a href="http://www.cpsr.org/news/press/wiener2008"&gt;selected to receive CPSR's Norbert Wiener award&lt;/a&gt;, has &lt;a href="http://www.schneier.com/blog/archives/2004/11/computer_securi.html"&gt;long advocated liability&lt;/a&gt; as a step toward better computer security.
&lt;p&gt;
Whether you agree with Bruce or disagree with him, the FTC's action means that you now &lt;i&gt;must&lt;/i&gt; acknowledge, and start to plan for, the possibility of liability for your security failures.  You must also begin to prepare for the imposition of legally mandated minimum standards on your security programs, at least if those programs protect private information.
&lt;p&gt;
As Ronald London, who posted the Privacy and Security Law blog's entry on the Life is good consent decree, so mildly puts it, "The FTC's announcement of the consent decree provides an opportunity for all companies that collect sensitive personal information, and that publicly make promises about how they safeguard that data, to re-evaluate their data security programs".
&lt;p&gt;
A word, to the wise, is sufficient.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-6103636258913329768?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/6103636258913329768/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=6103636258913329768&amp;isPopup=true' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/6103636258913329768'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/6103636258913329768'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2008/01/what-rough-beast-its-hour-come-round-at.html' title='What rough beast, its hour come round at last.... ?'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-8731838936421210267</id><published>2007-12-29T12:15:00.000-06:00</published><updated>2008-11-15T03:33:37.322-06:00</updated><title type='text'>Reed's Jazz and Supper Club: Hail and Farewell</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_8frlX3EBcxc/R3aZwZ24pKI/AAAAAAAAAB8/Al3f2EY6v58/s1600-h/413398870_3e35e8559e.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://2.bp.blogspot.com/_8frlX3EBcxc/R3aZwZ24pKI/AAAAAAAAAB8/Al3f2EY6v58/s320/413398870_3e35e8559e.jpg" 
border="0" alt=""id="BLOGGER_PHOTO_ID_5149472280798602402" /&gt;&lt;/a&gt;
&lt;p&gt;
Christmas is a mean season in the restaurant business; it's when the landlords raise the rent.  
&lt;p&gt;
Reed's closed two weeks ago, on a Tuesday.  On the Monday I was at the bar, talking to the friends I've made there over the years, and enjoying a perfect Imperia Vodka martini (up, dry, shaken, with a twist.  As it should be.)  The next afternoon there was a little sign on the door with the bad news.  I saw the whole show; I was at the soft opening the day before Reed (yes, Virginia, there is a Reed) opened the club to the public; I had a drink at the bar on the last night, and I spent many happy afternoons there in between.
&lt;p&gt;
Reed's was special in lots of ways.  The food was great, the staff was great, the location was great, and the decor was great.  But there are other places with those advantages; three things about Reed's really made it stand out for me.
&lt;p&gt;
First was the music.  Reed's was, as its name advertised, a Jazz club.  They're rare everywhere these days, but especially so in Texas.  There's only one other good Jazz club in Austin; it's called the Elephant Room.  The music at the Elephant Room is first-class, but the club is impractically far away from my house - and there's another thing, too.
&lt;p&gt;
A great Jazz club is special because of the music, but also because of the crowd.  The crowd can dance, to start with. The crowd tends to drink martinis, and wouldn't dream of ordering a Jagerbomb.  The crowd is, to put it bluntly, a little older than the average bar crowd.  The crowd has fewer tattoos than the usual bar crowd, but the ones it does have come with interesting stories.  Most everyone in the crowd, in fact, comes with an interesting story or two.
&lt;p&gt;
And that was the second really special thing about Reed's: it made people tell their stories.  The bar was what did the trick.  It wasn't a long, straight wooden bar like the ones you'll find at a thousand faux Irish pubs all over the world (and at the real Irish pubs - the ones in Ireland - too).  Reed's bar was an enormous stone bar, built like a ratcheted gear.  It curved all the way around the ground floor - the bartenders inside a continuous, smooth, concave curve and the customers outside on stools around a series of curved sections like shark's fins laid on their sides one after another.
&lt;p&gt;
You couldn't sit side-by-your-neighbor's-side staring sorrowfully into your drink at Reed's bar. The curve and the notches made you look at your fellow man; the martinis helped you get over your shyness and talk to him, and the jazz gave you something to start the conversation with.  Strangers talked to each other all the time, and if they kept coming back (which a lot of them did) they became friends.
&lt;p&gt;
The third thing that made Reed's special was the light.  In the afternoons the sun poured in through the frosted windows and filled the whole place with warm gold light.  The lamps - inverted cones hanging from the ceiling above the bar - showered pools of the same gold light onto the drinks and the customers.  And the mirrors behind the bar picked up all of this gold and threw it out into the dining room.
&lt;p&gt;
The light begged to be photographed.  I took thousands of pictures at Reed's.  Some of them ended up on the CD covers of the bands who played there; others hung on the walls in the dining room in big 20x24 editions, and still others filled a 2006 calendar I made for the staff and the regular customers.  The ones I'm proudest of are hanging in 8x10 frames on the walls of the mothers of the bartenders and waitresses and hostesses.
&lt;p&gt;
From time to time I'd ask permission to post a particularly good one on flickr; you can see a slideshow of them &lt;a href="http://www.flickr.com/photos/blakley/sets/72157603573407618/show/"&gt;here&lt;/a&gt;.
&lt;p&gt;
The Buddha taught me that the cause of my suffering is attachment to things that change - so I won't mourn the passing of Reed's Jazz and Supper Club.  But I will remember.  Thanks, Reed, for the memories.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-8731838936421210267?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/8731838936421210267/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=8731838936421210267&amp;isPopup=true' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/8731838936421210267'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/8731838936421210267'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2007/12/reeds-jazz-and-supper-club-hale-and.html' title='Reed&apos;s Jazz and Supper Club: Hail and Farewell'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_8frlX3EBcxc/R3aZwZ24pKI/AAAAAAAAAB8/Al3f2EY6v58/s72-c/413398870_3e35e8559e.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-6316372273758863357</id><published>2007-11-11T21:08:00.000-06:00</published><updated>2008-11-15T03:33:37.524-06:00</updated><title type='text'>The 2007 CECI Award</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="http://3.bp.blogspot.com/_8frlX3EBcxc/RzfEX7Byv9I/AAAAAAAAAB0/h-YMudUul7E/s1600-h/CECI-award.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://3.bp.blogspot.com/_8frlX3EBcxc/RzfEX7Byv9I/AAAAAAAAAB0/h-YMudUul7E/s320/CECI-award.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5131786215673216978" /&gt;&lt;/a&gt;
&lt;p&gt;
It's time once again for the event the whole blogosphere awaits with breathless anticipation - the presentation of the annual CECI award!
&lt;p&gt;
Once again this year the judges (me) have sifted through the year's dross and spent &lt;a href="http://en.wikipedia.org/wiki/Guy_Fawkes"&gt;Guy Fawkes' Day&lt;/a&gt; mulling over who's made the greatest contribution to clear thinking about identity, privacy, security, and risk.
&lt;p&gt;
As I made my decision I've had a few things on my mind.  I've had in mind, for example, why &lt;a href="http://apnews.myway.com/article/20071111/D8SRJ1DO0.html"&gt;the principal deputy director of National Intelligence thinks we need to change our definition of privacy&lt;/a&gt;.  The short answer is that the current definition is very inconvenient to the government.  How inconvenient?  Well, for one thing, it prevents them from spying on all of us without a good reason.
&lt;p&gt;
Since we haven't changed the definition of privacy yet, the US Government is being forced to go to all the embarrassment and expense of arguing (in public!  how undignified!) in &lt;a href="http://w2.eff.org/legal/cases/warshak_v_usa/6th_circuit_decision_upholding_injunction.pdf"&gt;United States v. Warshak&lt;/a&gt; that you and I have &lt;i&gt;no expectation of privacy&lt;/i&gt; in email communications because we've signed an agreement with our ISP to let them examine our emails under certain circumstances.
&lt;p&gt;
&lt;blockquote&gt;(Side note: is anyone but me thinking "Wait!  The fourth amendment doesn't say &lt;i&gt;anything&lt;/i&gt; about expectations of privacy!  It just says that there won't be unreasonable searches and seizures, and there will be warrants based on probable cause supported by oath or affirmation, and particularly describing the persons or things to be seized"?)&lt;/blockquote&gt;
&lt;p&gt;
The definition of "privacy" which deputy director Donald Kerr would like us to adopt, in deference to the government's needs, is that "government and businesses properly safeguard people's private communications and financial information."
&lt;p&gt;
What does he mean by "properly safeguards"?  Probably something like this: that the government and the supermarket will only arrest you, send you to Guantanamo, and deny you access to legal counsel if &lt;a href="http://cqpolitics.com/wmspage.cfm?parm1=5&amp;docID=hsnews-000002620892"&gt;the FBI thinks your falafel purchases are suspicious&lt;/a&gt;; if you eat only a patriotic American quantity of falafel, you have &lt;i&gt;nothing to fear&lt;/i&gt;.
&lt;p&gt;
And I've been thinking about why so few people agree with &lt;a href="http://seattletimes.nwsource.com/html/politics/2004001159_spying08.html"&gt;Mark Klein&lt;/a&gt; that all this is a problem.
&lt;p&gt;
Which brings me to our winner.
&lt;p&gt;
The 2007 Ceci Award goes to &lt;a href="http://en.wikipedia.org/wiki/Andrew_Napolitano"&gt;Andrew Napolitano&lt;/a&gt;, former New Jersey Superior Court Judge and current Fox News analyst (I know, I know, but stay with me for a minute), for his most recent (2007) book &lt;a href="http://www.amazon.com/gp/product/1595550976/ref=s9_asin_image_1/103-5612793-1695023?pf_rd_m=ATVPDKIKX0DER&amp;pf_rd_s=center-2&amp;pf_rd_r=0SCFQKASNDJ5BXF1YT3E&amp;pf_rd_t=101&amp;pf_rd_p=278240301&amp;pf_rd_i=507846"&gt;"A Nation Of Sheep"&lt;/a&gt;.
&lt;p&gt;
Napolitano's basic argument in "A Nation Of Sheep" is this: 
&lt;ol&gt;
&lt;li&gt;The &lt;a href="http://en.wikipedia.org/wiki/Natural_rights"&gt;Natural Rights theory&lt;/a&gt; says that our fundamental rights come from God and still exist even when they aren't enforced or even respected by the government.
&lt;li&gt;This theory is necessary as a defense against government encroachment, because government does not actually acknowledge &lt;i&gt;any&lt;/i&gt; power higher than itself... &lt;blockquote&gt;(even when it says stuff like &lt;i&gt;"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed"&lt;/i&gt;)&lt;/blockquote&gt; ...but while it is willing to coerce the governed to permit the usurpation of their rights it is embarrassed to say in public that it does not believe in God's supremacy - so attributing rights to God is the only way to make the government acknowledge their legitimacy.
&lt;li&gt;Even attributing rights to God doesn't do us any good if we don't confront government whenever it tries to usurp the rights God gave to &lt;i&gt;us&lt;/i&gt;.
&lt;li&gt;But most of us are sheep, and won't confront the government...
&lt;li&gt;Therefore it falls to a few wolves to prevent all of us from falling into slavery.
&lt;/ol&gt;
He's right.  Read the book.  If, after reading the book, you're feeling sheepish, consider the example of Mark Klein and ask yourself if you've seen any of your natural rights being confiscated lately.  If so, ask yourself what you've done about it.
&lt;p&gt;
Congratulations to Judge Napolitano on his award.  As usual, an acceptance speech in the comments is not required, but would be most welcome.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-6316372273758863357?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/6316372273758863357/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=6316372273758863357&amp;isPopup=true' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/6316372273758863357'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/6316372273758863357'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2007/11/2007-ceci-award.html' title='The 2007 CECI Award'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_8frlX3EBcxc/RzfEX7Byv9I/AAAAAAAAAB0/h-YMudUul7E/s72-c/CECI-award.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-7610502399241220094</id><published>2007-11-01T22:02:00.000-05:00</published><updated>2008-11-15T03:33:38.687-06:00</updated><title type='text'>Turn Off Your Flash</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_8frlX3EBcxc/RyqWsiFMxlI/AAAAAAAAABQ/Muup6dGSuFQ/s1600-h/1726743524_7e6c20f708.jpg"&gt;&lt;img 
style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://3.bp.blogspot.com/_8frlX3EBcxc/RyqWsiFMxlI/AAAAAAAAABQ/Muup6dGSuFQ/s320/1726743524_7e6c20f708.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5128076817521755730" /&gt;&lt;/a&gt;

You're at a party.  Or maybe walking on the beach at sunset.  Your eye is attracted to a scene.  You take out your camera and look through the viewfinder (or at the LCD).  You adjust the framing, and, trembling with excitement, you push the shutter button.
&lt;p&gt;
You examine the results.
&lt;p&gt;
They suck.
&lt;p&gt;
What happened?
&lt;p&gt;
I'll tell you what happened: your flash spoiled the shot.
&lt;p&gt;
What you saw was interesting.  What the camera saw was ordinary.  The difference was the light.  You saw beautiful, interesting, colorful ambient light coming from an interesting direction.
&lt;p&gt;
Your camera saw 5500-degrees-kelvin daylight-colored strobe light beamed straight from your eyeball to the subject.
&lt;p&gt;
Now stop for a moment and consider a question: if you looked at the scene and liked the light you saw, &lt;i&gt;why did you change it?&lt;/i&gt;
&lt;p&gt;
So stop changing it.  
&lt;p&gt;
Look at the picture above.  It's a picture of my friend Andre.  I took it last week in a shot bar called Chupito's in Barcelona (if you're in Barcelona, go there.  You'll like it).  Chupito's is very dark.  The blue color on Andre's (white) shirt is fluorescence induced by a UV tube illuminating the drink menu on one wall.  The red color on Andre's face comes from a &lt;i&gt;very&lt;/i&gt; dim incandescent bulb about a foot away from the two of us.
&lt;p&gt;
If I'd used flash, it would have lit Andre evenly (so I would have lost the contrast between the shadow on the right side of his face and the brightness of his shirt on the same side) and the flash would have overwhelmed the red and blue colors of the dim lights.  The result would have been a much less interesting picture - a picture which would have looked a little like the one I took of Andre earlier this year in a boring hotel corridor at a different event:

&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_8frlX3EBcxc/RyqZHyFMxmI/AAAAAAAAABY/GwN05YYexGg/s1600-h/245062283_9a269820d6.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://4.bp.blogspot.com/_8frlX3EBcxc/RyqZHyFMxmI/AAAAAAAAABY/GwN05YYexGg/s320/245062283_9a269820d6.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5128079484696446562" /&gt;&lt;/a&gt;

This isn't a &lt;i&gt;bad&lt;/i&gt; picture, but it's not nearly as interesting as the one from Chupito's.  One reason the Chupito's picture is more interesting is that the color of the light is more interesting.  If you use flash, your pictures will all be taken in daylight-colored light.  But the color of the light isn't the only important thing about the Chupito's picture.  The shadows are important too.  If you use flash, your pictures will all be lit from &lt;i&gt;your&lt;/i&gt; position - that is, they'll all be front-lit, and they won't have very interesting shadows.
&lt;p&gt;
Here's another picture; it's a picture of my colleague Mike, and it's front-lit:

&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_8frlX3EBcxc/Ryqa1yFMxnI/AAAAAAAAABg/58w8iTssxHg/s1600-h/650478581_6392038585.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://4.bp.blogspot.com/_8frlX3EBcxc/Ryqa1yFMxnI/AAAAAAAAABg/58w8iTssxHg/s320/650478581_6392038585.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5128081374482056818" /&gt;&lt;/a&gt;

Again, it's not a bad picture, but it's got no interesting shadows.  I have another picture of Mike (taken in a different bar in Barcelona) which is much better, because it's lit more interestingly.  Here it is:

&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_8frlX3EBcxc/RyqcISFMxpI/AAAAAAAAABs/tm7xXvfupv0/s1600-h/1816674476_e9f8b18a8b.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://2.bp.blogspot.com/_8frlX3EBcxc/RyqcISFMxpI/AAAAAAAAABs/tm7xXvfupv0/s320/1816674476_e9f8b18a8b.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5128082791821264530" /&gt;&lt;/a&gt;

If I'd taken this picture with a flash, there would be no shadow on the left side of Mike's face (on the right in the picture), and the picture would be much weaker.
&lt;p&gt;
The moral of this little story is: if you see light you like, turn off your flash. If you turn off your flash, you might need a fast lens on your DSLR, or a tripod for your point-and-shoot, but your pictures will be much better. 
&lt;p&gt;
(Full disclosure: if you &lt;i&gt;really&lt;/i&gt; learn how to use flash, you can get great results.  &lt;a href="http://www.joemcnally.com/portfolio/"&gt;Joe McNally&lt;/a&gt; has &lt;i&gt;really&lt;/i&gt; learned how to use flash.  He uses lots of flashes, most of them off-camera, triggered by wireless remotes, and some of them filtered to provide interesting colors of light.  If &lt;i&gt;you&lt;/i&gt; want to &lt;i&gt;really&lt;/i&gt; learn how to use flash, instead of just turning it off, a great place to start is &lt;a href="http://www.strobist.blogspot.com/"&gt;strobist&lt;/a&gt;.  And if you ever get a chance to take one of Joe McNally's workshops, do it.  He's a great photographer, a great teacher, and a great storyteller.)&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-7610502399241220094?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/7610502399241220094/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=7610502399241220094&amp;isPopup=true' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/7610502399241220094'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/7610502399241220094'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2007/11/turn-off-your-flash.html' title='Turn Off Your Flash'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' 
url='http://3.bp.blogspot.com/_8frlX3EBcxc/RyqWsiFMxlI/AAAAAAAAABQ/Muup6dGSuFQ/s72-c/1726743524_7e6c20f708.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-6052669772308631941</id><published>2007-11-01T21:40:00.000-05:00</published><updated>2007-11-01T22:00:49.632-05:00</updated><title type='text'>Family Matters</title><content type='html'>I've been doing most of my blogging &lt;a href="http://identityblog.burtongroup.com"&gt;here&lt;/a&gt; and &lt;a href="http://srmsblog.burtongroup.com"&gt;here&lt;/a&gt; for the last few months.  

In the meantime, my sister has started a &lt;a href="http://understandblue.blogspot.com/"&gt;stamping blog&lt;/a&gt;, and my daughter, a digital native, has started to write about &lt;a href="http://thelifeintense.blogspot.com/"&gt;what identity means to the next generation&lt;/a&gt; (among other subjects).

Upcoming posts here will include:

&lt;ul&gt;
&lt;li&gt;Turn Off Your Flash
&lt;li&gt;What Is Privacy, Really?
&lt;li&gt;Fear and the Bigger Haystack
&lt;li&gt;Privacy, Tolerance, and a Free Society
&lt;li&gt;The Boggs Tax
&lt;/ul&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-6052669772308631941?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/6052669772308631941/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=6052669772308631941&amp;isPopup=true' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/6052669772308631941'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/6052669772308631941'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2007/11/family-matters.html' title='Family Matters'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-5329031772027193256</id><published>2007-02-01T14:51:00.001-06:00</published><updated>2008-11-15T03:33:39.022-06:00</updated><title type='text'>Outsourcing Terrorism to the Victims</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_8frlX3EBcxc/RcJTOdkijyI/AAAAAAAAAAY/erCzVJ0EhD0/s1600-h/mooninite.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://4.bp.blogspot.com/_8frlX3EBcxc/RcJTOdkijyI/AAAAAAAAAAY/erCzVJ0EhD0/s320/mooninite.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5026671642020056866" /&gt;&lt;/a&gt;
&lt;p&gt;
Osama bin Laden can retire now; he's worked himself out of a job.  We don't need actual attacks to keep us in a state of terror anymore.  All we need is Lite-Brite pictures of cartoon characters.
&lt;p&gt;
Yesterday, Boston was paralyzed by a terror alert arising from a Cartoon Network guerilla advertising campaign gone wrong.  If you believe &lt;a href="http://news.bostonherald.com/localRegional/view.bg?articleid=180378"&gt;the Boston Herald&lt;/a&gt;, the Boston Police Department spent &lt;i&gt;a million dollars&lt;/i&gt; on the incident, and it probably created much larger costs by tying up the city's roads and bridges all day.  Those expenses may be only the beginning - Boston will spend an enormous amount of money on lawyers if the city follows through on its promise to throw the book at Turner Broadcasting and at the two artists who created the campaign.
&lt;p&gt;
Federal, state, county, and city officials have all been quoted emphasizing the seriousness of the situation.  Tom Menino, Boston's mayor, explicitly tied it all back to 9/11, saying &lt;i&gt;"It is outrageous, in a post 9/11 world, that a company would use this irresponsible marketing scheme"&lt;/i&gt;.
&lt;p&gt;
Menino suggests an interesting and important question: what, exactly, is "irresponsible" in this post-9/11 age?  
&lt;p&gt;
The attitude of terror - that everything unfamiliar is dangerous, and that any time you see something that's not completely familiar, you should stop what you're doing, panic, and run and hide - is &lt;i&gt;not&lt;/i&gt; responsible.  Osama bin Laden wants you to assume the attitude of terror.  He wants you to freak out and call the police every time you see a little pile of white powder, even though the probability is zero that it's anything more dangerous than sugar, salt, or coffee creamer.
&lt;p&gt;
The attitude of helplessness - that the world is so dangerous there's nothing you can do to protect yourself except to surrender your judgment, your rights, and your defense to government experts - is also &lt;i&gt;not&lt;/i&gt; responsible.  George W. Bush wants you to assume the attitude of helplessness.  He wants you to leave the war on terror to him, after you let him suspend habeas corpus, the accused's right to counsel, and the requirement for judicial warrants to authorize wiretaps.
&lt;p&gt;
These attitudes are irresponsible, because if we adopt them, our fears drive us to attack ourselves.  We spend money responding to imaginary threats.  We lock ourselves in our homes and suspect everyone and everything.  We turn toys into weapons, strangers into enemies, and jokes into crimes.  We put cameras in every room and policemen on every corner.  When we've done all these things, the terrorists don't need bombs, airplanes, and anthrax anymore; they've outsourced terrorism to the victims, and we'll finish the job ourselves.
&lt;p&gt;
If we don't want to become bin Laden's subcontractors, what is &lt;i&gt;responsible&lt;/i&gt;?  Simple: thinking clearly - &lt;i&gt;thinking for yourself&lt;/i&gt; - about risks and precautions is responsible.  As &lt;a href="http://notabob.blogspot.com/2006/01/words-of-wisdom-from-sam-hughes.html"&gt;I've already noted&lt;/a&gt;, &lt;a href="http://qntm.org/?terrorism"&gt;Sam Hughes explained it best&lt;/a&gt;.
&lt;p&gt;
If Boston takes millions of dollars of public money which could be used to investigate and prosecute real terrorist threats, and spends those millions instead on persecuting a couple of cartoon marketers who have (possibly completely accidentally) embarrassed the Boston Police, that won't be responsible.  And it won't be popular, either.  Enough Americans can still tell the difference between real enemies and phantoms. Some folks who recognize a phantom when they see one are already &lt;a href="http://www.printfection.com/bostonmooninite"&gt;selling the t-shirt&lt;/a&gt;.
&lt;p&gt;
Update: &lt;a href="http://www.schneier.com/blog/archives/2007/02/nonterrorist_em.html"&gt;Bruce&lt;/a&gt; has an excellent entry on this too.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-5329031772027193256?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/5329031772027193256/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=5329031772027193256&amp;isPopup=true' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/5329031772027193256'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/5329031772027193256'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2007/02/outsourcing-terrorism-to-victims.html' title='Outsourcing Terrorism to the Victims'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_8frlX3EBcxc/RcJTOdkijyI/AAAAAAAAAAY/erCzVJ0EhD0/s72-c/mooninite.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-8439473242521073674</id><published>2007-01-23T21:54:00.000-06:00</published><updated>2008-11-15T03:33:39.327-06:00</updated><title type='text'>The Dumbest Advice Yet on Iraq</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="http://3.bp.blogspot.com/_8frlX3EBcxc/RbbajwrzVWI/AAAAAAAAAAM/dAycutWulNk/s1600-h/kim-jong-il.jpg"&gt;&lt;img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://3.bp.blogspot.com/_8frlX3EBcxc/RbbajwrzVWI/AAAAAAAAAAM/dAycutWulNk/s320/kim-jong-il.jpg" alt="" id="BLOGGER_PHOTO_ID_5023442742277264738" border="0" /&gt;&lt;/a&gt;

&lt;p&gt;
Did James Webb really say this tonight???
&lt;p&gt;
&lt;span style="font-style: italic;"&gt;"As I look at Iraq, I recall the words of former general and soon-to-be President Dwight Eisenhower during the dark days of the Korean War, which had fallen into a bloody stalemate. "When comes the end?" asked the General who had commanded our forces in Europe during World War Two. And as soon as he became President, he brought the Korean War to an end. &lt;/span&gt;  &lt;span style="font-style: italic;"&gt;These Presidents took the right kind of action, for the benefit of the American people and for the health of our relations around the world. Tonight we are calling on this President to take similar action... "
&lt;p&gt;
&lt;/span&gt;When comes the end?  Not yet!  Has Webb &lt;span style="font-style: italic;"&gt;noticed &lt;/span&gt;that Eisenhower's action stationed tens of thousands of American troops in Korea for (as of the current date) &lt;span style="font-weight: bold;"&gt;MORE THAN FIFTY YEARS&lt;/span&gt;, at the end of which the stalemate has not resolved but rather hardened to the point where we now face a dictator threatening us with nuclear weapons???  Is this an experience we want to &lt;span style="font-weight: bold;"&gt;REPEAT&lt;/span&gt;?
&lt;p&gt;
&lt;span style="font-style: italic;"&gt;
&lt;/span&gt;Could Webb have chosen any better example to &lt;span style="font-weight: bold;"&gt;SUPPORT&lt;/span&gt; President Bush's claim that leaving Iraq would leave us with a "nightmare scenario"? &lt;span style="font-style: italic;"&gt;
&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-8439473242521073674?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/8439473242521073674/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=8439473242521073674&amp;isPopup=true' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/8439473242521073674'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/8439473242521073674'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2007/01/dumbest-advice-yet-on-iraq.html' title='The Dumbest Advice Yet on Iraq'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_8frlX3EBcxc/RbbajwrzVWI/AAAAAAAAAAM/dAycutWulNk/s72-c/kim-jong-il.jpg' height='72' width='72'/><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-116673143748624251</id><published>2006-12-21T13:38:00.000-06:00</published><updated>2006-12-21T14:06:23.160-06:00</updated><title type='text'>Five Things</title><content type='html'>&lt;a href="http://eternaloptimist.wordpress.com/2006/12/20/what-only-5/#comment-1826"&gt;Pam&lt;/a&gt; "tagged" me with a challenge to post 5 things you might not know about me and "pass it on".  OK...
&lt;p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;a href="http://www.russianstandard.com/"&gt;Stirred&lt;/a&gt;.  Not shaken.&lt;/li&gt;
&lt;li&gt;I have an IMDB entry. How weird is that? Surely the Oscar is just a matter of time.&lt;/li&gt;
&lt;li&gt;Although some (tiny, ridiculous) dogs seem to have found their way into my house via some other family members, my own personal pets are more highly evolved.  They are, in fact, cats.  &lt;a href="http://www.flickr.com/search/?q=balinese%20cat&amp;w=all"&gt;Balinese&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;I still use &lt;a href="http://www.ilford.com/html/us_english/pdf/400_Delta.pdf"&gt;film&lt;/a&gt;.  In fact, I still develop it in the sink!&lt;/li&gt;
&lt;li&gt;I was the last PhD graduate of the University of Michigan's late, great Computer and Communications Science department.  (&lt;a href="http://www.cscs.lsa.umich.edu/old/research/jhhfest-proceedings.html"&gt;John Holland&lt;/a&gt; was the first.)&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;
Now for the hard part: &lt;a href="http://www.karmicjustice.org/"&gt;Avery&lt;/a&gt;, &lt;a href="http://www.ranum.com/"&gt;Marcus&lt;/a&gt;, &lt;a href="http://www.noboundaries.typepad.com/"&gt;Lori&lt;/a&gt;, &lt;a href="http://www.emergentchaos.com/"&gt;Adam&lt;/a&gt;, and &lt;a href="http://thepriceofsilver.blogspot.com/"&gt;Al&lt;/a&gt;: Tag, you're it!
&lt;p&gt;
Your mission, should you choose to accept it, is to tell us five things we wouldn't otherwise know about yourself, and then accelerate this little pyramid scheme's consumption of Internet bandwidth and server storage by tagging five people whose oddities or secrets you'd like to know.
&lt;p&gt;
Happy Holidays to all!&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-116673143748624251?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/116673143748624251/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=116673143748624251&amp;isPopup=true' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116673143748624251'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116673143748624251'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2006/12/five-things.html' title='Five Things'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-116283224081745354</id><published>2006-11-06T10:36:00.000-06:00</published><updated>2006-11-06T10:57:20.856-06:00</updated><title type='text'>The 2006 CECI Award</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/4978/700/1600/CECI.jpg"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/4978/700/320/CECI.jpg" border="0" alt="" /&gt;&lt;/a&gt;


Ladies and Gentlemen, follow the red carpet for a very special treat: the presentation of the first annual CECI Award for clear thinking about security, privacy, identity, and risk.
&lt;p&gt;
The nomination and selection process is, like that for the Nobel prizes, mysterious - so don't ask.  Nominees who fall short are not humiliated by having their unsuccessful candidacies announced and discussed.
&lt;p&gt;
The award is simply bestowed, here, by me, in a suitably magisterial fashion, with  appropriate fanfare, pomp, and circumstance (and a little gold picture of Magritte's notapipe).  
&lt;p&gt;
The 2006 CECI Award goes to David Murakami Wood and a large cast of co-authors, expert contributors, and reviewers for the publication of &lt;a href="http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/surveillance_society_full_report_2006.pdf?info=EXLINK"&gt;"A Report on the Surveillance Society"&lt;/a&gt;.  This report was prepared for the &lt;a href="http://www.ico.gov.uk/"&gt;Information Commissioner of the United Kingdom&lt;/a&gt;.  It is, in the opinion of the CECI Award selection committee (me), the best government report of the Millennium to date, and it sets a standard which is unlikely to be excelled often in the remaining 994 years.
&lt;p&gt;
The report's scope is breathtaking, but its focus is intense.  Its language is clear, direct, and even elegant.  Its importance cannot be overstated.  To select a representative quote seems almost a disfigurement; the thing should be taken as a whole.  Still, as an advertisement for what you absolutely &lt;i&gt;must&lt;/i&gt; read - and I am in no way kidding or exaggerating here - I offer you the very first paragraph:
&lt;p&gt;
&lt;i&gt;"We live in a surveillance society. It is pointless to talk about surveillance society in the future tense. In all the rich countries of the world everyday life is suffused with surveillance encounters, not merely from dawn to dusk but 24/7. Some
encounters obtrude into the routine, like when we get a ticket for running a red light when no one was around but the camera. But the majority are now just part of the fabric of daily life. Unremarkable."&lt;/i&gt;
&lt;p&gt;
I will have a lot to say on topics this report addresses in the coming months, but I am not likely to improve on any topic it addresses directly.  I invite you to read it.  Your children's lives will be profoundly affected by how well you understand the issues it raises, and by what you choose to do based on your understanding.
&lt;p&gt;
Congratulations to the recipients.  An acceptance speech in the comments is not required, but would be most welcome.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-116283224081745354?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/116283224081745354/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=116283224081745354&amp;isPopup=true' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116283224081745354'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116283224081745354'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2006/11/2006-ceci-award.html' title='The 2006 CECI Award'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-116258596435812917</id><published>2006-11-03T14:02:00.001-06:00</published><updated>2006-11-03T21:21:36.670-06:00</updated><title type='text'>In the Crosshairs</title><content type='html'>&lt;a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/4978/700/1600/crosshairs.gif"&gt;&lt;img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/4978/700/320/crosshairs.gif" border="0" alt="" /&gt;&lt;/a&gt;
&lt;p&gt;
Ars Technica has just published &lt;a href="http://arstechnica.com/news.ars/post/20061103-8143.html"&gt;this story&lt;/a&gt; about a system you'll want to check out.  You'll want to, but you won't really be able to.
&lt;p&gt;
The system is designed to collect large amounts of personally identifiable information about every person entering or leaving the United States for the purpose of assigning each individual a "risk assessment" rating.  It will be implemented and operated by &lt;a href="http://www.cbp.gov/"&gt;US Customs and Border Protection&lt;/a&gt;, a unit of the Department of Homeland Security.
&lt;p&gt;
If you travel a lot, the system will pretty quickly contain your name, address, telephone number, email address, frequent-flyer numbers, travel itineraries, and other information.  It would surprise me if it didn't eventually include some credit card information.
&lt;p&gt;
The most surreal aspect of the system is its name: &lt;span style="font-weight:bold;"&gt;THE AUTOMATED TARGETING SYSTEM&lt;/span&gt;.  Whoever approved that moniker obviously doesn't work in public relations.  But in fact Customs and Border Protection clearly isn't too concerned with public relations.  While your AUTOMATED TARGETING SYSTEM record can be accessed by courts, government officials at all levels including international, law enforcement, congressional offices, contractors, researchers, the Department of Justice, the National Archives, and intelligence agencies, it's not subject to the protections of the United States Privacy Act, and you can't access it yourself for purposes of reviewing the record's accuracy and correcting errors.
&lt;p&gt;
If you're worried about the privacy implications of this, well, you'll probably have lots of company.  But don't let your privacy worries distract you so much that you don't worry about another important problem: the accuracy of the "risk assessment" which will be performed using your data.
&lt;p&gt;
Since the risk assessment criteria haven't been published, it's not easy to analyze any weaknesses that might exist.  But it's not hard to predict that these weaknesses will be profound.  Here's a fairly simple question I'd ask if I were assessing the system:
&lt;p&gt;
&lt;i&gt;What risk rating would the system have assigned to Timothy McVeigh?  Mohammed Atta? Omar Abdel Rahman?  Brandon Mayfield?  Hugo Chavez?  Pope Benedict XVI?  Aldrich Ames?  John Walker Lindh?&lt;/i&gt;
&lt;p&gt;
I'm also interested to know whether a "high" risk rating will be considered sufficient justification for initiating an investigation of a US citizen or resident alien, and if so, what due process will be granted to the individual who is investigated.
&lt;p&gt;
This type of system (a large-scale system constructed in secret to solve a poorly understood but highly politically sensitive problem) has always resulted in failures, cost overruns, and injustices in the past.  There's no reason to predict that THE AUTOMATED TARGETING SYSTEM will be the exception to the rule.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-116258596435812917?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/116258596435812917/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=116258596435812917&amp;isPopup=true' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116258596435812917'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116258596435812917'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2006/11/in-crosshairs_03.html' title='In the Crosshairs'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-116223817193111722</id><published>2006-10-30T13:50:00.000-06:00</published><updated>2006-10-30T13:56:11.953-06:00</updated><title type='text'>Heeding the Message</title><content type='html'>It takes a big man to admit that he's made a mistake, especially in politics.
&lt;p&gt;
It takes an even bigger man to think it over carefully enough to propose doing something genuinely useful.  Rep. Markey has done both; here's what he wrote in his latest press release, covered on &lt;a href="http://slightparanoia.blogspot.com/2006/10/bit-of-good-news.html"&gt;Chris Soghoian's blog&lt;/a&gt;:
&lt;p&gt;
&lt;i&gt; Under the circumstances, any legal consequences for this student must take into account his intent to perform a public service, to publicize a problem as a way of getting it fixed. He picked a lousy way of doing it, but he should not go to jail for his bad judgment. Better yet, the Department of Homeland Security should put him to work showing public officials how easily our security can be compromised.&lt;/i&gt;
&lt;p&gt;
Exactly.  This is the kind of thinking we need more of.  Kudos and thanks to Rep. Markey for a courageous and helpful statement.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-116223817193111722?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/116223817193111722/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=116223817193111722&amp;isPopup=true' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116223817193111722'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116223817193111722'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2006/10/heeding-message.html' title='Heeding the Message'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-116205748711126332</id><published>2006-10-28T12:03:00.000-05:00</published><updated>2006-10-28T16:01:23.940-05:00</updated><title type='text'>Shooting the Messenger</title><content type='html'>&lt;a href="http://markey.house.gov/"&gt;Congressman Ed Markey (D-Mass)&lt;/a&gt; has &lt;a href="http://abcnews.go.com/Technology/story?id=2611432&amp;page=1"&gt;called for the arrest&lt;/a&gt; of &lt;a href="http://dubfire.net/chris/"&gt;Chris Soghoian&lt;/a&gt;, a University of Indiana graduate student who created a website which enabled printing of fake Northwest Airlines boarding passes.
&lt;p&gt;
If Congressman Markey, who &lt;a href="http://markey.house.gov/index.php?option=com_content&amp;task=view&amp;id=1&amp;Itemid=2"&gt;represents himself as an authority on technology and civil liberties issues&lt;/a&gt;, and who &lt;a href="http://markey.house.gov/index.php?option=content&amp;task=view&amp;id=2325&amp;Itemid=125"&gt;publicises national security vulnerabilities on his own congressional website&lt;/a&gt;, is surprised by the fact that boarding pass security is a joke, then he hasn't been paying attention for a long time.
&lt;p&gt;
Boarding pass security has &lt;a href="http://catless.ncl.ac.uk/Risks/19.28.html#subj13.1"&gt;always been terrible&lt;/a&gt;.  &lt;a href="http://blogs.abcnews.com/theblotter/2006/06/boarding_passes.html"&gt;ABC reported on this vulnerability&lt;/a&gt; in June.  Bruce Schneier wrote about it &lt;a href="http://www.schneier.com/crypto-gram-0308.html#6"&gt;as early as 2003&lt;/a&gt;, and explains &lt;a href="http://www.schneier.com/blog/archives/2006/03/bypassing_the_a.html"&gt;here&lt;/a&gt; why he's not worried that it's still easy to forge print-at-home boarding passes.
&lt;p&gt;
The print-at-home vulnerability has been covered at &lt;a href="http://www.stupidsecurity.com/article.pl?sid=03/07/16/0228240&amp;mode=thread"&gt;Stupid Security&lt;/a&gt; and &lt;a href="http://people.csail.mit.edu/albert/blog/archive-month.php?year=2005&amp;month=11"&gt;elsewhere&lt;/a&gt; (&lt;a href="http://boardfast.blogspot.com/"&gt;here too!&lt;/a&gt;).
&lt;p&gt;
Publishing &lt;a href="http://www.csoonline.com/read/020106/caveat021706.html"&gt;instructions for how to do it&lt;/a&gt; isn't new either.
&lt;p&gt;
In fact, Slate has pointed out that you don't even need to forge a boarding pass to get past airport identity checks - you can just &lt;a href="http://www.slate.com/id/2113157/fr/rss/"&gt;use somebody else's real one&lt;/a&gt;.
&lt;p&gt;
Providing an easy online utility to automate forgery may indeed be new.  But before we start arresting people, let's think for a minute about who we should be locking up.  Real villains - not security researchers - should be at the top of our most-wanted list.
&lt;p&gt;
What say we start with the people who actually want to commit terrorism? Congressman Markey lists Homeland Security and Defense among his top issues.  You may have noticed that we haven't caught Osama yet.
&lt;p&gt;
Once we arrest the people who create the threats, we should go after the people who create the vulnerability.  This would be airlines (who allow you to print insecure boarding passes at home in an easily-forgeable format) and the TSA, who take a cursory look at your forged boarding pass and wave you through their checkpoints.
&lt;p&gt;
Then let's look for the guys who have failed to hold the airlines and the TSA accountable for their failures.  &lt;a href="http://markey.house.gov/index.php?option=com_content&amp;task=view&amp;id=1&amp;Itemid=2"&gt;Congressman Markey's bio&lt;/a&gt; says he's one of them: "As the third most senior Democrat on the House Homeland Security Committee, he has emerged as a leader in both legislative and oversight activities in the areas of nuclear, aviation, rail, liquefied natural gas and chemical security."  If this oversight were effective, Chris Soghoian wouldn't have been able to build his website and we wouldn't be talking about it.
&lt;p&gt;
Bruce is right that the real problem is elsewhere.  But even if this were a real problem, arresting the messenger wouldn't solve it.  Congressman Markey undoubtedly knows that - and he also knows that loud law-and-order noises sound good in an election year.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-116205748711126332?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/116205748711126332/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=116205748711126332&amp;isPopup=true' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116205748711126332'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/116205748711126332'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2006/10/shooting-messenger.html' title='Shooting the Messenger'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-15159850.post-115976469625012701</id><published>2006-10-01T23:48:00.000-05:00</published><updated>2006-10-01T23:51:36.250-05:00</updated><title type='text'>Pink for October</title><content type='html'>Special this month: Ceci n'est pas un Bob will be &lt;a href="http://pinkforoctober.org/"&gt;Pink for October&lt;/a&gt; to promote awareness of breast cancer.  
Plus, pink is cool.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/15159850-115976469625012701?l=notabob.blogspot.com'/&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://notabob.blogspot.com/feeds/115976469625012701/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=15159850&amp;postID=115976469625012701&amp;isPopup=true' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/115976469625012701'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/15159850/posts/default/115976469625012701'/><link rel='alternate' type='text/html' href='http://notabob.blogspot.com/2006/10/pink-for-october.html' title='Pink for October'/><author><name>bob blakley</name><uri>http://www.blogger.com/profile/00026966844651981782</uri><email>noreply@blogger.com</email><gd:extendedProperty xmlns:gd='http://schemas.google.com/g/2005' name='OpenSocialUserId' value='06226313280131408376'/></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry></feed>