Friday, December 19, 2008

Risk and Policy in the Real World

Chandler Howell describes an interesting example of Risk and Policy in the Real World.

I have an interesting example of Policy actually making things worse for you all today. It’s not horrible, but it illustrates the point and I can talk about it, so I will.

Today someone asked me if I knew that one of the floors of a facility I visit from time to time is a “No Visitors” area. This is due to the fact that the marketing teams have product prototypes as well as all of their collateral and other materials displayed or in-progress on this floor. I had to confess that I did not realize that. Even worse, most of the people who don’t reside in the “No Visitors” zone, as well as some who do, also don’t seem to be aware of that fact.

Enforcement is, as you would imagine, non-existent. That would be rude, after all.

To make matters worse, not only is there is no access control (doors or guards), signage or other markings telling people that this floor is off-limits to visitors, but the canteen which is open longer hours than the main cafeteria (for coffee, snacks, etc.) is located on this floor. As a result, there’s a steady stream of people who, even if they are employees, really have no business wandering around this floor doing so at any given time.

So we have a situation where the people who need to display confidential information do so, safe behind the warm fuzzy blanket of their “No Visitors” policy. Everyone else wanders around their area in blissful ignorance that they shouldn’t bring their visitors through there on the way to the canteen.

My reading of this example is that Policy is being used as an ineffective patch for a failure of Architecture. In other words, there is a de facto physical architecture that involves visitors walking through this department, and an unenforced (and possibly unenforceable) policy saying they shouldn't.

If you want to protect the department, you probably need to change the physical architecture. Provide an alternative route to the canteen, and install enough barriers (like sleeping policemen) to discourage people taking short-cuts through the department. Or you move the marketing department to a different floor.

You still have the policy, but now the policy is used as a architectural design constraint rather than expecting the mere existence of a rule to alter people's behaviour.

Alternatively, you try to change the behaviour of the marketing department. After all, there are fewer of them. And they are the ones to whom it matters.

Wednesday, September 24, 2008

US Election 2008 - Trust

Can the candidates in the US election trust their running mates?

Tuesday, September 23, 2008

US Election 2008 - Sincerity versus Authenticity

(Where is my copy of Lionel Trilling's book? I thought I had one somewhere. Did I lend it to someone? Oh well, never mind, it'll turn up.)

I was just reading David Foster Wallace's account (in a book called "Consider the Lobster") of John McCain's 2000 campaign for the Republican nomination (against an opponent then referred to as "The Shrub"). Wallace (then writing for Rolling Stone) was far from being a supporter of McCain, but he was impressed by his personal qualities. It's difficult not to be impressed by McCain's biography - whether as a fantastic example of courage and fortitude or as a brilliant example of personal myth, or perhaps both.

So here's a thought. In the upcoming presidential election, Obama represents Sincerity while McCain represents Authenticity. Different kinds of truth.

A minority of voters might vote for McCain and Palin because they share their opinions and beliefs, but most Americans don't. The only reason McCain and Palin have the remotest chance of winning the election is because sackloads of American votes will be cast for who the candidates are, not for what they stand for. Megan Garber (Columbia Journalism Review) calls this the Authenticity Trap - " the West Wing logic of governance: that truth-to-self will somehow lead a president to effective leadership".

In contrast, people will mostly not vote for Obama because of who he is - a smooth Afro-American lawyer from Chicago with a foreign name - but because of what he (so eloquently) stands for. Adam Kirsch (New York Sun) finds Obama's book more authentic than Hillary Clinton's - but come on, how many American votes are going to be based on reading? (People didn't vote for Churchill because they'd read his books either.)

Perhaps more than any election in recent memory, this is the battle of the Enlightenment. The man who speaks from the heart for progress, hope and the American Dream against the man who was captured by the VietCong and will not tell a lie. George Lakoff (Huffington Post) thinks the Enlightenment frame isn't working so well for Obama these days, and wants the Obama campaign to stop reinforcing the Maverick frame for McCain.

Steven Shaviro has a rather different take on this. In More Electoral Ruminations, he contrasts Democrat hypocrisy with Republican cynicism, and avers that "It is not stupid to vote for McCain/Palin; rather, it is evil. Republicans are intrinsically, and necessarily, morally depraved."

Some of Shaviro's readers were shocked by this abrupt jump from the political discourse to the moral/ethical, so he tried to justify his position with a Note on Evil, claiming that Obama is the true follower of Kant, and resurfacing his argument (originally posted in 2004 - Nothing) that Kant's concept of radical evil applied exclusively to the Republicans.

For a much more coherent and compelling argument about the relationship between hypocrisy and cynicism, see David Runciman's new book on Political Hypocrisy. Runciman also finds for Obama, whom he compares with Lincoln, and quotes approvingly Obama's view that "It is only the politician who is able to speak his mind freely who knows when to compromise".

For a systems thinking view of the US election, see the POSIWID blog.

Saturday, July 12, 2008

The Future of Cash

Adam Shostack posts on The Recent History of the Future of Cash. He points out that the choice between cash and electronic payment systems is influenced by questions of trust. In some countries with high inflation, people don't trust cash. But people also don't trust complex and unreliable electronic systems.

Lack of trust increases transaction costs. If I am constantly on guard because of unexpected charges on my account - whether this is due to error or fraud, or simply because the service provider is pocketing a fee for something - then I may have to maintain transaction archives, or copy every transaction into a separate spreadsheet or database. Adam links to a post by Gary Leff, who prints out everything he can think of because he is expecting to be cheated out of some complicated deal on frequent flier miles. This kind of thing is symptomatic of the shallow and short-sighted version of the Support Economy.

Meanwhile, when I buy a book from my local bookshop, the shop accepts cash or debit cards. But if I use a card, the bank will take a cut of the transaction (from the shop). So I prefer to pay cash if I can: cash doesn't really cost me any more than card, but I prefer the shop to get all the money.

Some people feel safer just carrying a card, because cash can be lost or stolen. But which is the greater risk - being mugged by a drug addict in the street, or being ripped off by a major corporation? Different people balance those risks differently.

Friday, June 20, 2008

Plausible Denial

In the annual Underhanded C Contest, programmers compete to construct code that looks innocent but does undocumented and devious things. One of the judging criteria is plausible deniability - which in this case means the ability to claim the error as a genuine mistake rather than a cunning trick. (Via Bruce Schneier)

In delegating stuff from an agent to a principal, plausible deniability can operate in either direction. Many well-known examples, both in real-life and in fiction, involve the principal denying knowledge or responsibility of the actions of the agent. For example, governments sometimes keeping the dirty details of espionage at arms length. Or well-known companies sometimes being strategically ignorant of the exploitation of child labour in their suppliers' factories, or turning a blind eye to short-cuts and risks taken by subcontractors.

But the programming example works in the other direction. It involves the agent (in this case a programmer) craftily subverting the intentions of the principal (the user of the program), while remaining "innocent" if the trick is detected. There are many situations in delegation and procurement where a dishonest agent or supplier can abuse trust with impunity. Even if the trick is detected, it can be passed off as human error, and probably forgiven and forgotten after a sufficiently charming apology and repair.

Tuesday, November 27, 2007

Shakespeare on Identity Theft

On the Loss of Two CDs by Her Majesty's Revenue and Customs containing the Records of 25 Million Taxpayers and their Children.

Shall I compare thee to a string of digits?
Thou art more personal and more private.
Rough Humphreys doth quiz the Darling on Today,
And Gordon's lease hath all too short a date.
Sometime too close the eye of Google shines,
And oft is gold from banking accounts skimmed;
And every mother’s maiden name declines,
By chance, or nature's changing course untrimmed.
But thy perfect database shall not leak
Nor lose possession of that CD they sent;
Nor shall the hacker spam and phish and phreak,
When with eternal ID card thou went,
So long as cars have chips and streets have CCTV,
So long lives your identity, and this gives life to thee.

Sources: BBC News, The Register, Robin Wilton, Into the Machine.

Saturday, August 26, 2006

Call Forwarding

cross-posted to Innovation Matters blog

According to legend, the automatic telephone exchange was invented by an undertaker (Almon Strowger) who believed his business was being redirected to his competitors by corrupt telephone operators.

David Lazarus
reports a vulnerability in call forwarding, whereby a fraudster persuades ATT to redirect a pizza parlour's calls to him. In this case, the fraud involved collecting credit card numbers, but as Lazarus suggests, this scam could also be used by a competitor to steal business.

Further comments on Bruce Schneier's blog, where greygeek points out the historical irony of the Strowger switch.

Fraud erodes the benefits of technological progress. What were the original benefits of the automatic telephone exchange? It was efficient, impersonal and less vulnerable to bribery and corruption. These are some of the benefits of the classic bureaucracy as identified by Max Weber - and many technological innovations provide similar benefits.

And now the benefits of Strowger's innovation are apparently reversed. Don't assume that technology progress is always onward and upward.

Sunday, July 30, 2006

Security Trends

Sean of F-Secure avers "that the lack of large virus outbreaks is evidence that the malware environment could be getting worse, not better". [Exploit Wednesday, via Emergent Chaos]

F-Secure does seem to have some evidence for the growing sophistication of malware attacks, and a plausible explanation for the fact that these attacks are less visible. But explanation is not evidence.

Point One. Even if visible attacks are decreasing, this doesn't provide conclusive evidence that invisible attacks are decreasing.

Point Two. The lack of evidence that invisible attacks are decreasing does not imply any evidence that invisible attacks are increasing.

But that's not quite what F-Secure says. F-Secure avers that the reduction in visible attacks provides evidence that invisible attacks could be increasing.

But this is rubbish. We don't need evidence for the possibility of increased attack; it's not something that requires evidence. What we want to know, which F-Secure avoids telling us, is some measure of what is going on. And F-Secure is not offering us any evidence that is relevant to this question.

This illustrates a general problem with evidence-based policy in risk and security matters. When preventative action is effective, it is often difficult to demonstrate its necessity. So security experts and vendors feel themselves obliged to talk up the (sometimes counterfactual) possibility of attack, without always being able or willing to present concrete evidence of the incidence of attack.

Technorati Tags:

Tuesday, July 11, 2006

Double Bluff 2

Barry Briggs worries that the bad guys might get to scan our data, thanks to Passport RFID.

"Achieving international cooperation for RFID encryption would probably never work anyway, and of course there are those nations that would be fine letting the algorithms/decoding chips into the wrong hands."

Now, which nations would those be? In my post Double Bluff, I commented on the fact that the British security forces deliberately leaked some technologies to the IRA, playing a devious game they thought they could control. These technologies later led to the death of British soldiers in Iraq.

We can't even trust our own side to look after our own security, or to think through the consequences of their actions.

Wednesday, July 05, 2006

Collective Bargaining

Collective bargaining used to refer mainly to wage negotiations in which the workforce negotiated collectively rather than individually - typically delegated to special representatives such as trade union officials.

Collective bargaining has always involved a pattern of collective mutual trust known as solidarity, often enforced by formal discipline or social pressure.

A new form of collective bargaining is emerging in China, known as team buying or tuangou, where gangs of customers arrive at a shop and demand high discounts. [source: Economist via Confused of Calcutta]

I wonder how these gangs enforce solidarity? Suppose the gang leader demands a 20% discount, and the shop offers a 10% discount. What if some of the shoppers are happy to accept this? Is there a collective decision process? If a few shoppers accept the deal that the majority has rejected, would this be regarded as a breach of trust?

Technorati Tags: