I just responded to a survey being conducted as part of the Obama administration’s 90-day review of big data and privacy. I think the balancing of national security and public safety with privacy is a profoundly solvable problem, and I’m cautiously optimistic that something useful will come from this effort. If nothing else, it gave me a few minutes to really think through how I feel about what’s been going on with the NSA surveillance issue.
The survey is very high level, and I think the specific questions are conflating a lot of issues, but it was nice that there was a free-form text field that asked “Is there anything else you’d like to tell us about your thoughts on this issue?” (with apparently no length limitations).
Here’s what I wrote in that field:
This survey conflates a lot of issues, to the point of becoming almost worthless.
There are situations where I create, use, and share information about myself with an expectation of the protection of my privacy. For example, when I enter into a relationship with another entity (e.g. a commercial business, a communications service provider, a medical provider) I expect that entity to use information about me only for purposes that I’ve been informed of and agreed to, I expect it to share that information only with other entities and for purposes that I’ve been informed of and agreed to, and I expect it (and any other such entities) to protect that information vigorously from any other access or use (including surreptitious surveillance by a government with unreasonable and overreaching suspicion about my activities).
For situations where I have this expectation of privacy, I don’t trust any institution with my information, to any degree, where it has obtained my data in any other manner, and I am very concerned about any form of data collection where information about me is being collected without my express consent.
There are of course other situations where I have no expectation of the protection of my privacy. In those situations, I have to decide if and how to share information to protect my own privacy. For example, if I whisper something secret and private to my wife while walking through a public place (say a shopping mall for example), by whispering I am taking reasonable precautions to protect my own privacy. If the government reasonably suspected me of some kind of illegal or threatening activities, and it felt that something useful and necessary for the protection of the public could be learned from these whispered secrets, and having met the legal bar (e.g. a search warrant) for such actions, it could employ technology (such as long-range microphones) to capture and collect that information.
But the government could also instead force all clothing manufacturers to secretly install hidden recording and transmitting devices in all clothing sold in the United States to capture and collect these whispered secrets, for use as and when needed in the event that a particular individual becomes subject to reasonable suspicion. If that’s not a reasonable thing for the government to do (and I think most people would agree that it is not), then neither is it reasonable for the NSA to be doing what it’s been doing with the telecommunications industry in the United States.
The survey is at http://www.whitehouse.gov/issues/technology/big-data-review.
This weekend, in my quixotic going-on-20-year effort to fully automate my financial life, I’ve again been banging my head on Quicken and other Intuit and banking silliness. Nobody I encounter seems to care about these things the way I do, but I just have to throw this out to the world’s consciousness.
This Quicken Q/A leads me to the following two conclusions:
1. The fact that Intuit doesn’t support the OFX standard that it helped to standardize (they support only their own variant of it) represents one of the most egregious monopoly abuses ever to occur in the US (I’m not accusing anyone of a crime, this is just my opinion).
2. There should be a standardized method using 2-factor authentication for a person to access their own banking transactions through a UI, and there should be a standardized method (e.g. OAuth) for a person to safely authorize a service to access their own banking transactions via an API. These should be supported by every banking institution doing business anywhere in the world. The fact that we have these things in the year 2014 for services like Gmail and Twitter, but not for banking, should be considered the silliest thing to have happened in the information age thus far.
Firesheep makes it trivially easy for even non-advanced users to hijack authenticated web sessions being transmitted over wifi networks under the following circumstances:
- If you’re using a non-https site (e.g. Twitter, Facebook, and lots of others)
- If you’re using an https site with poor session management (such as redirecting some of the site to http and transmitting cookies for the authenticated session over http). Lots of sites that use https put https protections at risk by mis-handling session cookies.
Not using https and/or not using good session/cookie management have been calculated/mitigated risks or just laziness on the part of site designers. For lots of medium sensitivity sites (like social network sites), users who understand the choice have been ok with not using https as a mitigated risk. Then of course there are lots of users who don’t understand the choice.
The thought process has basically been that it’s hard enough to intercept traffic in most usage scenarios and the sensitivity of the data is low enough (i.e. it’s not like it’s your banking site) that it’s a good security tradeoff. It’s been regarded as secure enough, and the rate of incidents of session hijacking could be expected to remain low.
The availability of something like Firesheep changes this equation considerably on open wifi networks. The rate of incidents of session hijacking on sites not using https, or using https with poor session/cookie management, and being accessed via open wifi networks can be expected to become much higher in pretty short order.
Open wifi isn’t the problem in particular. Poor website security design is the problem. The same basic risk of interception of sensitive data exists as your web session traffic moves across the various intermediate networks between your computer and the website you’re using. But the interception of traffic on those networks is much more difficult and is generally exposed to a much smaller set of potential bad actors. With Firesheep, on open wifi networks the degree of difficulty has been reduced to the point that the risk of session hijack is much, much higher.
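An added example, not code from the original post, that audits a site’s Set-Cookie headers for the design mistake described above: a session cookie set without the Secure attribute, which the browser will also send in the clear on any http:// page the site redirects to. The session-name heuristic and the sample headers are my own assumptions.

```python
# Added example (not from the original post): audit Set-Cookie headers for the
# weakness Firesheep relies on, a session cookie the browser will also send
# over plain http. Names and values below are constructed sample data.

SESSION_HINTS = ("sess", "auth", "token", "login")  # assumed name heuristic

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attribute keys are
    lower-cased, flags like Secure/HttpOnly map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), value.strip(), attrs

def sent_in_clear(attrs):
    """True if a browser would attach this cookie to an http:// request too."""
    return "secure" not in attrs

def audit_set_cookie(header):
    """Findings for one cookie; cookies that don't look like sessions give none."""
    name, _, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []
    findings = []
    if sent_in_clear(attrs):
        findings.append(f"{name}: missing Secure, sent over http as well as https")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, readable by page scripts")
    return findings

def audit_response(set_cookie_headers):
    """Audit every Set-Cookie header of one response; [] means nothing found."""
    return [f for h in set_cookie_headers for f in audit_set_cookie(h)]

# Constructed sample: the "before" response Firesheep can exploit, and the
# hardened "after" response with both flags added.
WEAK_RESPONSE = ["sessionid=abc123; Path=/; Domain=.example.com", "lang=en; Path=/"]
HARDENED_RESPONSE = [
    "sessionid=abc123; Path=/; Domain=.example.com; Secure; HttpOnly",
    "lang=en; Path=/",
]
```

Running `audit_response(WEAK_RESPONSE)` reports the two missing flags on `sessionid`; the hardened headers produce no findings.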
I’ve seen the following information posted on Facebook by a few of my friends:
- “Facebook launched Facebook Places yesterday. Anyone can find out where you are when you are logged in. It gives the actual address & map location of where you are as you use Facebook. Make sure your kids know! Go to ”Account”, ”Account Settings”, ….. ”Notifications”, then scroll down …… to …… ”Places” and … un-check the 2 boxes. Make sure to SAVE changes and re-post this!!”
That post is actually not remotely accurate, and I’ve written this post to hopefully help dispel these myths.
Facebook Places allows you to share your location if you’re using a mobile device that supports it, and if you choose to do so, and only with those you choose to share it with (Friends Only, Friends of Friends, Everyone, or Custom, it’s entirely up to you). You have to deliberately perform a “check-in” on a location-aware device in order for you to share your location with anyone, and by default you would be sharing this with Friends Only.
It also includes a feature that allows your friends to share your location with others. The default setting allows your friends to check in somewhere (i.e. share their location) and also “tag” you at that location (i.e. say that you are there with them). This is the default behavior that many people understandably have an issue with. But, it’s very easy to disable this capability entirely in your privacy settings, and it’s very easy for you to remove the tag if someone has done this before you disable it (not to mention the fact that you would also be free to un-friend someone who did this to you in a manner that you found offensive).
Changing your notification settings for Places (as the above post recommends) is not a good idea, because then you won’t get a notification if someone has tagged you somewhere. What you need to do is adjust your Privacy settings for Facebook Places according to your preference.
If you decide that you want to share your location with your friends, you can also choose whether that information is or is not available to applications your friends choose to use.
This is what it takes to keep my Dell Precision M4400 from going into heat-induced paralysis when the temp hits 95 in Seattle (and that’s a fan-cooled pad it’s sitting on too).
This post is slightly off topic, but it does have some connection to my blog topic of trust, and is something I wanted to speak out about.
I recently had the shock of logging into my mobile provider’s website (T-Mobile) to review and pay my most recent statement, and realized that my current bill which is normally in the $100 range had exploded to $685. This after I had recently changed plans and was expecting my bill to be even smaller than it had been recently.
So I got to looking at the details and realized that the majority of the excess amount resulted from a single charge for “roaming data services”. It was at this point that I remembered that I had made a business trip to Winnipeg during that statement period.
I called my provider to inquire about this charge, and learned that I had been charged a premium rate for data services used while roaming, that the unlimited rates for data and SMS included in my service plan do not cover roaming charges, that I should have known this, and they could have helped me avoid these charges if I had called them prior to international travel. Despite various degrees of complaining, railing, and pleading on my part, they are not going to reduce the charge, and I will have to pay it. They did offer to set up a payment plan for the excess charge to be paid over several billing periods (gee, thanks).
Here’s what’s going on
Mobile providers need to engage in capacity planning. Like any service provider they need to be able to operate their networks with some logical relationship between revenue and cost that results in a profitable business. I have no problem with this.
So for mobile operators this means that providing services for roaming subscribers of other mobile operators is a big unknown in their cost model. They know how many subscribers they have on their own network and they have lots of usage data that they can use for capacity planning, in order to arrive at a logical revenue model that drives what they then charge their subscribers. It’s difficult to know how much roaming usage they need to plan for. The solution is to charge a high wholesale rate to a roaming user’s home operator when they provide services to roaming subscribers. The home operator in turn marks up that wholesale rate to arrive at a retail rate charged to their subscriber. Which in my case noted above, resulted in a rate in excess of $10 per Megabyte.
The problem is, it appears to me, that this system has become exploitative and predatory in practice. Instead of being a cost/revenue projection problem, it has clearly now turned into a huge revenue stream for mobile operators.
In my mind there are three key elements that make this an egregiously exploitative and predatory business model: first, the wholesale rates being charged are far in excess of the foreign operator’s actual costs; second, the markup being earned by the home operator is excessive; and third, these rates are being paid without any notification to the subscriber at the time of consumption. Is there any other situation where an individual consumer makes a purchasing decision in the range of hundreds to thousands of dollars without knowing he is making that decision? Not many that I know of.
So the European Union has figured out that this is a problematic practice that needs to be addressed. The European Regulators Group has passed regulation, which goes into effect in early 2010, providing limits on wholesale roaming rates, and requiring notification to subscribers when they first initiate a connection subject to a roaming rate. Glad to see this, and hoping to see North American regulation follow suit.
Meanwhile, I’ve determined how to set my phone to avoid roaming for data services. For anybody interested, on a G1 it is as follows:
Settings -> Wireless Controls -> Mobile Networks -> Data roaming (connect to data services when roaming)
- Let every eye negotiate for itself and trust no agent. – William Shakespeare
- No way of thinking or doing, however ancient, can be trusted without proof. – Henry David Thoreau
- Trust not yourself, but your defects to know. Make use of every friend and every foe. – Alexander Pope
- Watch a cat when it enters a room for the first time. It searches and smells about, it is not quiet for a moment, it trusts nothing until it has examined and made acquaintance with everything. – Jean-Jacques Rousseau
- You must trust and believe in people or life becomes impossible. – Anton Chekhov
- Every kind of peaceful cooperation among men is primarily based on mutual trust and only secondarily on institutions such as courts of justice and police. – Albert Einstein
- Se non è vero, è ben trovato (Translation: “If it’s not true, it’s a good story.”) – Italian Proverb
- R2-D2, you know better than to trust a strange computer! – C-3PO, in The Empire Strikes Back
- Trust? You want me to trust you? Do me a favor, Ed, don’t use big words you don’t understand. – Erin Brockovich