Security: March 2008 Archives

Margin of Error and Instant Gratification

By Kee Hinckley on March 22, 2008 11:37 PM | | Comments (1)
I originally wrote this for my online "'zine" called Buzz, hosted on commons.somewhere.com. That was in November of 2000, right after the Florida election fiasco. Although the specifics of that election are dated, the general information is not. This is about polls, how newspapers report them, and how our need for instant results just makes things worse.

"Margin of error" is a measurement of how confident you can be of a statistical result.  My stats books have long since been relegated to a box in the basement, but if you want more specifics, try this link (http://whyfiles.org/009poll/math_primer.html).

The primary influence on the margin of error is the size of the sample, but methodology can also have an impact, although it generally isn't measurable until you discover just how wrong you were after the fact.  That's what happened in the famous Dewey vs. Truman example (they polled via telephone, and people who had telephones at the time turned out to be a rather different group of people than the general population).  Methodology problems also explain what went wrong with the predictions of who was going to win the 2000 presidential election in Florida, and why web-based polls (sell-selecting sample) are completely bogus.  Of course, if enough people start refusing to answer pollsters, all polls will be self-selecting and invalid.

The problem is that, although pollsters report margin of error, newspapers seldom give them more than a footnote.  So this year we've seen a lot of headlines like "XXX Takes the Lead" followed by an article that tells how the candidate is now two percentage points ahead, followed by something (buried deep inside) mentioning that the margin of error is plus or minus three percentage points.  Let's be perfectly clear.  If the difference in the polls is within the margin of error, then there is no difference.  None.  Any headline to the contrary is making up something that doesn't exist.  If you did the poll again it might well show XXX losing by two points--and that wouldn't mean anything either.

But of course, margin of error in polls is a pretty trivial problem compared to margin of error in vote taking machinery.  The reports I've seen (sorry, I've lost the reference) say that these lovely punch card machines are, when working absolutely optimally with absolutely wonderfully punched cards, 99.9% accurate.  That sounds nice, until we consider that the machines in use throughout polling machines in this country are almost certainly not in optimal condition, and we know for a fact that the cards weren't well punched either.  On top of it all, 99.9% sounds nice, but the results of the Florida elections were so close that the difference between the candidates was less than .1%.  Or in other words, the difference was within the margin of error of the counting machines.  Which means, just like in polling, the difference is statistically insignificant.  It doesn't mean anything.  Do it again and you might get a different result. However, in this case the errors tend towards a particular type.  Punch card voting machines have trouble with partially poked holes--they think nobody voted.  This isn't necessarily because the voter screwed up either--you can poke the things and the chad still might not separate properly. So that biases the results in a particular direction.

So, we have a vote that is so close that it is statistically a tie.  You can either treat it that way, or you can try and decrease the margin of error.  That's what hand counting is all about.  The real good news is you don't have to hand count every single vote.  All you need to count are the ones that the voting machine rejected as being possibly in error.  Voting machines don't tend to count unpunched holes as punched (and if they did, you'd get multiple votes--so those will be flagged as errors anyway).  So by counting just a few (relatively speaking) votes, you can greatly increase the accuracy of the count, and thus decrease the margin of error.  Meaning that even if the results are still off by a few hundred votes--now you have confidence that those votes actually represent the will of the people.

BTW.  If punch cards are so inaccurate, how come computers used them so easily?  Two reasons.  One, you didn't punch computer punch cards by hand--you used a special machine.  You'd enter the data for a card, and then it punches out the holes.  Secondly, computer punch cards, in recognition of the fact that you can have errors, tended to use a checksum to help ensure that if something did go wrong with a card, you'd notice.  (An example checksum might be a parity bit--where a hole would be punched at the end if the result of adding the numbers on the card was even, and not if it was odd.  If a hole became clogged, or the chad fell out, the checksum would not be likely to match, and the card would be rejected.)

So, what was that about instant gratification?

Some people (primarily pundits and candidates) have been making much of urgency to bring the election to resolution as soon as possible.  This sounds reasonable because we are used to our election results being announced nearly as soon as the polls close (and sometimes before).  But in fact, the whole concept is silly.  The elections are not over until the electoral college has made its decision.  But even before that, as people are finally seeing in the Florida situation, there are three levels of "results" from an election.  There are the polls, there are the unofficially tallies (often made by some organization jointly formed by the two major parties), and then there are the official tallies that the state certifies.  You virtually never see the official tallies.  That's particularly frustrating if you are trying to form a viable third party, since the unofficial tallies often don't even bother to count minor candidates.  (Quick, how many votes did the Socialist Party get nationwide?)  A few years ago I voted for a third party candidate for governor and I was never able to find out how many votes he received. By the time the official results were available, nobody considered it news--so the press never reported it.  So far this election has taken no longer than any other election has ever taken.  It's just that this time people actually want to know what the real results are, not just the fast food version.

"Paranoia" is not a Synonym for "Security"

By Kee Hinckley on March 22, 2008 9:33 PM | | Comments (0)

I originally wrote this in January of 2004 but never got around to posting it. Unfortunately, it seems to be just as relevant now. As Bruce Schneier says, we spend a lot of time and money (and fear) on "movie plot" security. The point of terrorism is to inspire fear. I suspect the terrorists have succeeded beyond their wildest expectations.

Today I dropped my laptop off at the Junior High (excuse me, "Middle School") so my daughter could make a presentation in Science class. (Yes, they have computers there, but they are these Windows things that don't meet my daughter's standards for design or elegance.) The plan was simple. I'd go in, meet her at the classroom between periods, give her the laptop, and return at the end of the period to pick it up. (It's my primary machine, I'm not going to leave it with her for the whole day.) I was going to drop it off at the office, but she suggested that I go in the back door. I pointed out that it was locked. She said to knock on the classroom window or wait until someone came out. I said I thought the front door might be a better idea.

Well, the best laid plans.... I was talking to a neighbor just before I left, and she told me I'd better get a hall pass. Seems that last Halloween a parent went to a class party (with the teacher's consent) dressed as a gangster, complete with a wooden gun. On the way out after class, someone asked him if he had a hall pass, he told them he was just leaving. A janitor followed him, someone called the police, he seemed to be driving towards another school (kind of hard not to do that in our town), there was a lockdown there and the police arrested him and took him to jail.

So I decided to play things by the book. I went in the front door to ask for a pass.

"May I help you?"
"Yes, I'd like to take this bag down to my daughter's science class, she needs it for the next period."
"Nooo, may I help you?"

Well, that was kind of a weird response. So I tried again. This time she actually explained. No, I couldn't go to the classroom. I'd have to leave it in the office. So I left it in the office, with a note to my daughter telling her she should bring it back to the office after class. They then called the classroom my daughter was currently in, interrupting the teacher, to tell him to have my daughter come to the office after class. (I'm told that the phone often rings four or five times in the classrooms in a single class—who's brilliant idea was that? When notes had to be delivered in person, they got prioritized.)

Ironically, this was in fact my original plan, but I'd rejected it when my daughter suggested going straight to the classroom, because I realized that between getting her stuff out of her locker, and coming to the office, there was no way she was going to make it in the four minutes they allot between classes.

An hour later I returned to the office, explained to a different person there that I was waiting for my daughter to return the laptop, and waited in the office. When the bell (tone) rang, I went and stood in the hall. Being on edge from all this concern about me, I carefully stood where they could see me from the window, so they'd know I wasn't going anywhere. All was going swimmingly until Baltimore (sorry, very obscure song reference there). I said "Hi" to a few students I knew, nodded to a teacher of two. Then the assistant principal showed up.

"Do you have pass?"
"No, I'm just waiting for my daughter."
"You need to check in to the office."
"I did. They know."
"You need to wait in the office. I hope you appreciate our security."

Well, no, as a matter of fact, I didn't appreciate it at all. That's like the record companies encrypting the CD as a "service" to the customer. But anyway, I kept my mouth shut... that time.

So she escorted me ten feet to the office door and inside. She then attempted to explain to the office person what I was doing there (we both told her we already knew—what, she doesn't hear a word I say?) The office person asked what classes my daughter was between, I explained, she said that meant she'd be passing from the stairwell to the auditorium. I agreed. That, I said, was why I'd been waiting where I could watch for her.

Well, at this point the assistant principal spoke up again. I don't remember the exact words, but it was to the same effect as before. That I should be glad that they were providing this level of security for my children.

I told her that she didn't want to get in a discussion with me about paranoia and security.

So of course, she did.

This wasn't paranoia, she said. These days you needed to provide tighter security.

I told her that I didn't like bringing up my kids in this kind of environment.

She agreed, but said that that was just the way we had to do it because of the times we lived in.

I said a few more things, but rather than paraphrase them quickly, let me state them here more clearly.

These are not dangerous times!

Americans are safer now than ever before in history. Not because of recent increased "security", but because of general changes in our society, and in the world as a whole. (Surprise, surprise. The world as a whole is generally better too—could be even better if we'd stop treating enemies of enemies as friends, and start thinking about them as people rather than governments, but that's a topic for another missive.)

Hijaackings? School bombings? Kidnappings? Firebombings? Groups planning the overthrow of the government? Hidden cells plotting acts of terrorism against citizens and buildings? Those aren't things that are happening now. Those are things that happened frequently in the 50's, 60's and 70's. Has everybody forgotten all the hijacked airplanes to Cuba? Ransome threats? The SLA? Bombed churches and schools? This isn't recent stuff, this is old news. We didn't get paranoid then. Why are we paranoid now?

And the paranoia isn't healthy. Our government is attempting to declare U.S. citizens to be enemy combatants with no rights at all. That barely makes sense if they are found fighting in a foreign country against us. But we're talking about U.S. citizens captured in the the United States, with no evidence that they ever took any action against the U.S.. And we've tens of millions of citizens that think this is a legitimate power for the government to have! Has everyone forgotten J. Edgar Hoover and doctored evidence? Has everyone forgotten Nixon and the breakins? McCarthy? Those were people who had absolutely no qualms about faking evidence against their enemies. What could possibly persuade someone to give that kind of unaccountable power to our government? We have proof that given secrecy and power, our government officials will eventually abuse it. And yet we want to give them more secrecy and more power?

http://www.usatoday.com/news/nation/2004-01-12-code-orange-cover_x.htm "Of the 14,000 names that were examined during the alert, there were 300 such "hits," the counterterrorism official says. None turned out to be a terrorist, the official says." False positives that high are very bad, not only do they make the system a huge annoyance (that's a very small number of people checked—imagine checking an entire airport) but after awhile you stop taking the reports seriously.
And then we have the fake security. Take checking names of incoming foreign nationals. It's not like we're doing it secretly, such that we might catch someone by surprise. Out in the open we are doing name checks that have over a 2% false positive rate (in other words, 2 out of every 100 people matches a terrorist and gets shunted aside, or taken off the plane, or causes the flight to be canceled). And who will this catch? Any known terrorist who has the idiotic lack of sense to travel into the U.S. on a passport in his own name. Now how difficult do you think that is to bypass?

But, you say. This is all different. It calls for extreme measures.

What is different? Terrorism in the U.S.? Hardly. Domestic terrorism has been a problem in this country since its founding. I didn't see anyone asking Christian ministers to stand-up and condemn the bombing of the Federal Building by a Christian. Foreign terrorism isn't new either. We have a family friend who was assassinated in a New Jersey parking lot. He was a high profile Bahai, and someone had him hunted down and killed. This isn't even the first time the World Trade Center was attacked—we didn't panic the first time that happened.

America is a very safe place to live. The problem is, the safer we get, the more we jump at shadows and worry about little things. This time we got hit with a big and successful attack. Our government has deliberately taken advantage of our fear to take steps that give the government more power, and the citizens less power and less freedom. One common misperception they've pushed, and I think it is more from self-delusion than a deliberate attempt to mislead, is that there is some danger of an attack on the American infrastructure. The World Trade Center was hardly a piece of American infrastructure. It was a symbol of American capitalism and of American arrogance (in the sense that it was an attempt to show off by building higher for the sake of building higher). It was attacked because, like almost all terrorism, this is a battle over ideas and a way of life (and democracy isn't the issue, so much as capitalism and democracy without moral direction). The Golden Gate bridge isn't a symbol of America, and so it's not a likely target. Killing lots of people by spreading nuclear fallout isn't the kind of thing that gets viewed as a move against foreign oppression. Domestic terrorists, fighting what they believe to be an internal war for control, attack that kind of thing. But this is a battle of symbols and press. If you want to look for targets of external terrorism, then look to things that symbolize the worst of the United States to the rest of the world.

But don't look to the local Junior High.

There is absolutely no reason for paranoid security at a middle school. Abductions haven't been suddenly climbing—they've been steadily declining, even before tightened security. Kids aren't innocent of the outside world, they are more aware. And Osama Bin Ladin is not going to try and take out the local Middle School. Furthermore, if some guy with a gun walks into the school and starts shooting the kids, forcing every parent (and even substitute teachers) to wear little badges is not going to slow him down one second. And if he really wants to be stealthy, is the work of a few minutes to make a fake badge that would escape all but the closest scrutiny. Finally, because it's a silly requirement, and because everyone knows in their heart that it's a not a big deal—it doesn't get treated as real. I spoke to half a dozen kids, nodded to several teachers. Did any one of them comment on the fact that I didn't have a badge? No. Not the teachers, the administrators or the kids. Not the ones who knew me, or the ones who didn't.

So what are we teaching in our schools? We're teaching people to be afraid and at the same time, that they should ignore authority. Silly rules breed disrespect. At first it's just disrespect of the silly rules. But it spreads. You stop having respect for the people who made them. And then you stop taking the sensible rules seriously. And throughout all of it is this general sense of fear. You're told that things are dangerous, but you can see that nothing real is being done about it. Either you stop believing anything they say, or you start believing you have no control over your future.

None of those things are lessons I want my kids to learn. And I'd far rather have them take their chances in the real world, than live behind a barrier of lies and half-truths.

So no. I don't appreciate security that manifests itself as distrust and lack of respect for parents and students, without providing any real security. And I'm appalled that people can look at the present and be so frightened, having completely forgotten that the past was much worse.

Wiretapping: Is it Worth the Cost?

By Shireen Hinckley on March 20, 2008 11:05 AM | | Comments (0)
This paper was written for my 10th grade English class. We were given a choice of topics and allowed to argue either side. We researched the topics and made notes, but the final paper had to be written in class, which left no time for proof-reading or editing down. There was a problem with the file server, so I was unable to save my paper. This version was scanned in from the printed copy, and may have additional errors as a result.

Shireen Hinckley
Waddell/E Block

Wiretapping: Is it Worth the Cost?

Although the government often thinks that they know the best way to deal with threats, deciding to take the entirety of the problem into their own hands, this can often lead to more trouble than anticipated. The United States was set up by our founding fathers with checks and balances, and recently, these have been ignored for the cause to fight terrorism. As Bruce Schneier said, "Terrorism is a serious risk to our nation, but an even greater threat is the centralization of American political power in the hands of any single branch of the government. Over 200 years ago, the framers of the U.S. Constitution established an ingenious security device against tyrannical government: they divided government power among three different bodies... Since 9/11, the United States has seen an enormous power grab by the executive branch."(3) The executive branch responded to a terrorist attack by exciting the American public, and making them even more terrified by exagerrating the situation. Through manipulating this fear, the government was able to pass laws and form secret orginizations that before, would never have been sanctioned. One of these was permitting close surveillance of the American public, including wiretapping. Their excuse for this was saying that it would aid greatly in finding and capturing terrorists, and give the people more security. Uncontrolled wiretapping hurts security by providing too much unfocused information; leading to the arrest of innocent people, taking away constitutional rights, drawing resources away from focused investigations, and creating opportunities for abuse and corruption.

Too much unfocused information leads to arrests of unassociated, innocent people and through manipulating paranoia, the government takes away basic constitutional rights. Although government officials claim that wiretapping helps find terrorist workers all over the country, in reality it is messy and inefficient. As Schneier said in "Uncle Sam is Listening, the technology works similar to a vacuum cleaner, "sucking up a staggering amount of voice, fax, and data communications... from all over the world: an estimated 3 billion communications per day. These communications are then processed through... data-mining technologies, which look for simple phrases like 'assassinate the president"(9) These simple phrases will get caught up in casual emails or conversations and can put any innocent American citizen on the suspect list. This limits our rights of free speech and press. Many people do not care that the government is watching their every move, saying that they have "nothing to hide." This innocence cannot save a victim once he has arrested for terrorism, because the government throws out all normal procedure for criminals, such as a phone call or a trial. This was the case of Canadian software engineer Maher Arar, who also holds a Syrian citizenship. Arar, while switching flights in New York to return to Ottawa from Damascus, was detained in JFK airport in Brooklyn as a presumed Al Qaeda terrorist, and then sent to Syria where he was tortured for 10 months. "Arar, who denies any terror links and was never charged with a crime, charges the US government with violating the Torture Victim Protection Act and his Fifth Amendment right to due process."(7) Although Both the Canadian and Syrian governments now say Arar has nothing to do with Al Qaeda, or any other terrorist group, the US government it still adamant with its accusation, although it has presented no proof to the court. Arar was even named by the Canadian edition of Time Magazine as the "Newsmaker of the year," calling him "a symbol of how fear and injustice have permeated life in the West since 9/11 ."(7) His case is not the only one that accuses the US government of illegal workings; the Electronic Frontier Foundation filed a lawsuit against AT&T on January 31, 2006, accusing them collaborating with the National Security Agency. This program's purpose was to wiretap Americans' communications without court oversight; violating the law and the privacy of its customers. These actions were in infringing the privacy safeguards established by Congress and the U.S. Constitution. Evidence soon revealed that the surveillance began before September of 2001, giving NSA no right to claim they were searching for terrorists, as it was not a valid threat at that time. "EFF 's case includes undisputed evidence that AT&T installed a fiberoptic splitter at its facility... in San Francisco that made copies of all emails, web browsing and other internet traffic to and from AT&T customers, and provided those copies to the NSA."(6) When the government and AT&T attempted to dismiss the case on the basis of state secrets, they were rejected, the judge saying, "the compromise between liberty and security remains a difficult one. But dismissing this case at the outset would sacrifice liberty for no apparent enhancement of security." (6) The American public was violated and no amount of security is worth that destruction of privacy. The government cannot be trusted to always do right, as it is not run by supernatural beings. They too will make mistakes as with Arar. The more power the government has, the more they can misuse that power, and the bigger the mistakes can get.

Needless wiretapping and surveillance techniques cause more harm than good by drawing resources away from focused investigations and creating mistrust of the judicial system. The United States is not the only country wiretapping its people. After September 11th, other countries made similar precautions, such as Germany. Niels Sorrells explained the situation in Germany in "German Tap Lessons" saying, "German authorities cannot point to a single successful prosecution of a terror suspect identified from... blind wiretaps. The colossal volume of information produced from tens of thousands of these taps often obscures real threats, while dead ends are pursued. Authorities quite simply do not have the time to listen to and process it all. In the one case in which such surveillance was used to detect a terror plot... the authorities-thanks to old-fashioned investigative methods-already knew the identities of the... plotters. It's hardly a ringing endorsement for the kind of all-encompassing, warrantless surveillance that the United States government wants its citizens to accept. (4) Many times, rather than surveillance techniques aiding in investigations, it jeopardizes them. When certain laws are overlooked or broken, there are eventually consequences. Discoveries concerning organizations such as the NSA make many people question the true motives of other wiretapping programs that are supposedly put there to fight terrorism. "In criminal cases that can put terrorists behind bars, judges now have to worry that evidence was based on illegal wiretaps. Evidence might be excluded or convictions overturned."(8) Courts often do not know when to believe the government when it says where evidence has come from, and in numerous cases the government refuses to reveal even that, claiming it is a matter of national security, as they did in the case with Maher Arar. Judges who believe in the rule of law may feel obligated to be stricter with the government when they cannot trust its statements. This mistrust leads to lack of cooperation and less efficient trials, hindering the prosecution of terrorists rather than helping it. Not only does wiretapping hinder prosecution of terrorists, it wastes valuable investigative resources. "A January 17 story in the New York Times highlighted the huge amount of time and resources devoted to the program, apparently with minimal results. In the days after 9/11, the FBI decided to follow up on every lead... Long lists of phone numbers continued to be generated by the NSA program, however. According to a senior prosecutor: 'It affected the F.B.I. in the sense that they had to devote so many resources to tracking every single one of these leads, and, in my experience, they were all dry leads. "'(8) Even after September 11th, "the N.S.A. material continued to be viewed as unproductive, prompting agents to joke that a new bunch of tips meant more calls to Pizza Hut."(8) Although the government tries to convince the American people that their surveillance techniques are helpful to finding terrorists, the chance is one in a million. They are wasting resources and money chasing ghosts and dead ends, rarely finding any plausible suspects.

Opportunities for abuse and corruption arise when the government suddenly has the ability to retrieve boundless information on any individual. The Pentagon Papers during the Vietnam War made the government have to quickly cover its tracks by weakening the man who distributed them in the eyes of the public. Daniel Ellsberg turned himself in to the FBI, and the administration saw this as an opportunity to weaken the Democratic party. President Nixon decided the only way they could make Ellsberg and the Democratic party weaker was to leak damaging information to the press. The project was named the "plumbers" and their goal was to do surveillance on Democratic members of the government and collect information illegally that could potentially damage their reputation and prestige. On September 3, 1971, under orders from the White House, the "plumbers" burglarized the office of Daniel Ellsberg's psychiatrist, Dr. Lewis Fielding. Because of the resources the administration had at their fingertips, they were able to manipulate the power they had in order to hurt Ellsberg's reputation and claims in court. The burglary and other unlawful surveillance activities were discovered, and Ellsberg was let go on account "unprecedented' government misconduct" which had "incurably infected the prosecution of [the] case. (5) President Nixon complained; "the sonofabitching thief is made a national hero and is going to get off on mistrial. And the New York Times gets a Pulitzer Prize for stealing documents... What in the name of God have we come to? (5) With the power the American people give to the government, they can manipulate it to serve their own ends. They have the ability to incriminate any individual, never getting caught. The United States government is not the only thing that would be able to manipulate wiretapping and surveillance technologies. In fact, the very people that they were supposed to protect against are able to employ it, using it for their own means. In Greece, this is exactly what had happened; "Unknowns tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister" and later evidence revealed that the criminals actually used the code that was designed into the system; "It's [the] eavesdropping code [that was] put into the system for the police. The attackers managed to bypass the authorization mechanisms of the eavesdropping system, and activate the 'lawful interception' module in the mobile network. They then redirected about 100 numbers to 14 shadow numbers they controlled."2 This code was put into place to search for these terrorists, and they managed to manipulate it to serve their own means. Installing these wiretapping devices harmed the government rather than helped it, and caused more problems than there was originally.

The administration and executive power has taken too much power and ignored the judicial checks that our founding fathers put into place two hundred years ago, and as Richard Posner said, "The government has a conflict of interest, because its paramount duty is to protect national security. If it could be trusted to hold national security and civil liberties concerns in perfect equipoise, there would be no need for judicial checks"(1). They are able to toss aside the Constitution, violating American's basic rights of free speech and press, and cannot be stopped or slowed. Should the government have uncontrolled power over wiretapping and surveillance? No. This power would detrimentally harm the American public, and cause grabs for power and control that would completely disrupt the balance of democracy, and throw the ideals of American into oblivion.

Bibliography

  1. Posner, Richard A. Not a Suicide Pact: The Constitution in a Time of National Emergency New York: Oxford UP, 2006.
  2. Schneier, Bruce. "More on Greek Wiretapping." Bruce Schneier. 1 Mar. 2006. 21 Jan. 2008 <http://www.schneier.com/blog/archives/2006/03/more_on_greek_w.html>
  3. Schneier, Bruce. "NSA and Bush's Illegal Eavesdropping." Bruce Schneier. 20 Dec. 2005. 21 Jan 2008. <http://www.schneier.com/blog/archives/2005/12/nsa_and_bushs_i.html>
  4. Sorrells, Niels C. "German Tap Lessons." Foreign Policy. Sept. 2006. 21 Jan. 2008 <http://www.foreignpolicy.com/index.php>
  5. Stone, Geoffrey R. Perilous Times Free Speech in Wartime. New York: W.W. Norton & Company, 2004.
  6. Hepting Resources." EFF Electronic Frontier Foundation Electronic Frontier Foundation. 21 Jan. 2008 <http://www.eff.org/nsa/hepting>
  7. Regan,Tom. "Canadian Sent to Syria Sues US Over Rendition Policy." The Christian Science Monitor. 11 Aug. 2005. 21 Jan. 2008 <http://www.csmonitor.com/2005/0811/dailyUpdate.html>
  8. Swire, Peter. "Legal FAQs on NSA Wiretaps." Domestic and Economy 26 Jan. 2006. Center for American Progress. 21 Jan. 2008 <http://www.americanprogress.org/issues/2006/01/b1389573.html>
  9. Schneier, Bruce. "Uncle Sam is Listening." Bruce Schneier. 20 Dec. 2005. 21 Jan. 2008 <http://www.schneier.com/essay-100.html>

The iTunes Trojan Horse: Selling Applications

By Kee Hinckley on March 10, 2008 4:57 PM | | Comments (0)

Once Apple has set up iTunes as a software store for the iPhone and iPod Touch, there is no reason they shouldn't leverage that functionality and presence to become the dominant software reseller for both Macintosh and Windows platforms.

iTunes has got to be the most inappropriately named application on the planet. Sure, you can play music, but it also synchronizes your photos, sends contacts to your phone and iPod, synchronizes your calendar with different services, let you buy games for your iPod, and now; will let you buy applications for your iPhone and iPod Touch. it is this last feature which particularly interests me.

IPhone applications will only be available via the iTunes store, to which the only interface is the iTunes application. All applications have to be approved by Apple, and all applications are digitally signed. This means that when you install an application on your iPhone, you know that it hasn't been modified from time the application developer first gave it to Apple. That's a very nice feature from a security standpoint, and one that is also available to programs written for the Mac OS Leopard operating system.

When Apple started selling music, the record companies didn't take them seriously, and never really saw what was coming. As a result, they lost control of the market for their music, and Apple gained the ability to become the number two music reseller in the United States. The only reason that Apple wasn't able to do this to the movie industry as well, is that the movie industry had been forewarned, and limited Apple's access to their content.

When I look at everything that Apple has to do in order to become a software reseller for the iPhone; I wonder whether they're really going to restrict their software to just the iPhone. The hard work in selling software for the iPhone has nothing to do with the iPhone itself. Apple has to set up marketing, digital signing, software evaluation, developer tools, download servers, software upgrade mechanisms, alpha and beta test processes, policies for handling sales and variable pricing, and all the other features that are expected of an online software store. After having gone to all this trouble, why is Apple going to stop with just selling software for the iPhone? Why not use the same software store to sell software for the Mac? For that matter, Windows Vista, also has digital signing support. Given the vast numbers of computers, both Windows and Macintosh, that have iTunes on them, Apple automatically has a huge distribution mechanism for software, and a pre-installed application for marketing, advertising and downloading that software. On top of that, because of the digital signing, Apple can advertise the software is being safer to download than the software that is downloaded off of other download sites.

If I worked at Kagi, Digital River, or one of the other companies that currently handle software sales and distribution (but not marketing), for independent software developers, I would start looking in my rearview mirror. Because iTunes is coming up fast, and has pulled out to pass.

(As a side note, this article was written using MacSpeech Dictate after only five minutes of training. It has worked extremely well, and I'll be writing a review shortly.)

Swiss Bank Julius Baer has dropped their suit against Wikileaks.

By Kee Hinckley on March 6, 2008 7:24 AM | | Comments (0)

Swiss Bank Julius Baer has dropped their suit against Wikileaks. Link. See my previous coverage here and here.

Presumably they realized that a) this wasn't going to be a quick "shut them up while we go public" suit, b) it wasn't going to work anyway and c) it was making matters much, much worse.

A good rule of thumb for people who have embarrassing information about themselves posted on the internet. Feel free to try and clear it up quietly. But don't make a public fuss. No matter how bad you think the situation is, it can always get worse. And if you make it a public issue, it will get worse.

« Security: February 2008 | Main Index | Archives

About this Archive

This page is a archive of entries in the Security category from March 2008.

Security: February 2008 is the previous archive.

Find recent content on the main index or look in the archives to find all content.

Subscribe via Reader

 Subscribe to TechnoSocial

Subscribe via Email

Enter your email address:

Delivered by FeedBurner

About Me

I'm the CEO/CTO of Somewhere, Inc., a company building a unified social networking layer that gives people the means to track their friends across multiple social networks.

Security: March 2008: Monthly Archives

Categories

Creative Commons License
This weblog is licensed under a Creative Commons License.