Monthly Archives: June 2006

Mega-Cats: What is Insurable?

Interesting post in Specialty Insurance Blog about mega-cats, i.e., catastrophes so large the insurance industry can’t insure them, at least not without losing many small insurance companies.

There have been and will continue to be large scale disasters that the insurance industry is entirely capable of absorbing, including significant levels of terrorism and hurricane losses, as has been demonstrated with the events of 9/11 and the most recent hurricanes. What needs to be the focus of the discussions is the level of exposure that is above the insurance industry’s capacity, such as the mega-cat hurricanes (see here) hitting the most exposed areas that the experts are concerned about. There has not been much distinction between these exceedingly rare events and other catastrophes that the insurance industry can absorb – but may not want to.

Hurricanes Insurable? 8 June 2006

And of course there’s the question of whether mega-cats will remain exceedingly rare or whether with climate change they will become more frequent.

-jsq

Encryption Cheaper Than Cleanup

Interesting post in Emergent Chaos about whether encryption really is cheaper than cleaning up after identity theft or other breaches of security. The bottom line seems to be that we don’t know the bottom line, because we don’t have a good handle on the costs of breaches and we know even less about how many breaches there really are.

It seems to me that encrypting large datasets on backups, or when mailing them by e.g. UPS to another location, is so trivially easy that it should be worth it to increase resilience as simple risk management.

Some aspects of risk management can’t be easily quantified, so decisions have to be made anyway. Just doing it like it has always been done is a decision, too.

-jsq

The Internet Freeway

Leave it to Larry Lessig to sum up the net neutrality discussion:

Now Congress faces a legislative decision. Will we reinstate net neutrality and keep the Internet free? Or will we let it die at the hands of network owners itching to become content gatekeepers? The implications of permanently losing network neutrality could not be more serious. The current legislation, backed by companies such as AT&T, Verizon and Comcast, would allow the firms to create different tiers of online service. They would be able to sell access to the express lane to deep-pocketed corporations and relegate everyone else to the digital equivalent of a winding dirt road. Worse still, these gatekeepers would determine who gets premium treatment and who doesn’t.

No Tolls on The Internet, By Lawrence Lessig and Robert W. McChesney, Washington Post, Thursday, June 8, 2006; Page A23

It’s that last sentence that is the real rub. We’ve always had different speed connections to the Internet. What could happen now is that telcos could decide who gets which speed and which quality of service based on who they are and what content they are providing, not just on whether they can pay the price.

Sprinkling Rationality

Here’s an interesting obituary about a fellow who ran a book club for intellectuals in the former eastern bloc:

George C. Minden, who for 37 years ran a secret American program that put 10 million Western books and magazines in the hands of intellectuals and professionals in Eastern Europe and the Soviet Union, died on April 9 at his home in Manhattan. He was 85.

George C. Minden, 85, Dies; Led a Cold War of Words By DOUGLAS MARTIN, New York Times, Published: April 23, 2006

The article quotes an academic paper of a few years ago as saying of his program that:

the initiative sprinkled reality into an "unnatural and ultimately irrational" system.

The recipients of the books in question, ranging from James Joyce to Nabokov to Solzhenitsyn, thought the publishers were altruistically donating them.

Curtain Walls Considered Ineffective

The other day I was staying in Roslin Castle, south of Edinburgh. Very nice location, above a bend of the river Esk, down the hill from Rosslyn Chapel. And in the old days, defensible: shoot your arrows from across the river or up the bank, we don’t care! Or try climbing the cliff and walls while we’re dropping rocks on you!

And then gunpowder came. Much of the castle is missing, due to Henry VIII of England’s troops in 1544. Nearby heights that were formerly only good for viewing the castle suddenly became ideal launching points for cannon balls, which, unlike arrows, could knock down castle walls. There are a few towers and part of the curtain wall left, as well as three quite dank dungeons, but most of the superstructure is gone. The livable part was built in 1622; very recent by Scottish standards.

What has this got to do with the Internet?

A second threat is a softening, if not disappearing, of the network perimeter. For a long time, we were able to get some semblance of securing the enterprise by establishing firewalls and [demilitarized zones] and maintaining the somewhat guarded perimeter. Now with BlackBerries, PDAs, wireless, executives traveling and using the Internet in hotel rooms, and people with VPN access from home systems, the perimeter is an illusion. But security policies and technologies have not kept up with that change. A big vulnerability in many environments is that you still have policies and people viewing the enterprise as protected with a firewall, and that’s simply not the case.

Security expert recommends ‘Net diversity By Carolyn Duffy Marsan, Network World, 05/30/06

This is from an interview with Eugene Spafford. Internet curtain walls, also known as firewalls and perimeters, are also obsolete. Not completely, of course; they can still keep idle tourists out, but they won’t stop a determined enemy.

There’s much more; the whole interview is well worth reading.

The Problem with Legislating

Jeff Pulver in passing sums up the problem with legislating:

We thought it would be sufficient for Jonathan Askin to cover the House Judiciary Committee Markup, given the fact that Staci Pies was going to testify at the Senate Hearing on behalf of the VON Coalition. Well, yesterday afternoon, the VON Coalition was removed from inclusion on the panel. So, the Senate was left with no one expressing the views of the Internet communications industry and the effects that the Senate Bill might have on the emerging industry.

My Worlds Collide on Capitol Hill Today, Jeff Pulver, The Jeff Pulver Blog, 25 May 2006

Legislatures almost by definition can’t be experts on every subject they legislate on. So instead they depend heavily on lobbyists. And sometimes they deliberately exclude parties who are trying to represent important points of view.

Legislators also listen to constituents. If enough constituents say net neutrality is sacrosanct, maybe Congress will get net religion. If your business wants a level playing field that isn’t skewed towards a handful of big telcos, you may want to speak up.

-jsq

Open Source Disaster Recovery

If you can’t count on governments, first responders, telcos, or even the Red Cross to keep communications going during a natural disaster, who ya gonna call? Open source decentralized emergent organizations, apparently:

Volunteers eager to help disaster victims have begun to draw on open source models of organization to mobilize and coordinate vast resources from around the world. This paper investigates two such groundbreaking efforts, involving responses to Hurricane Katrina and to the South East Asian tsunami. The study sheds light on how these organizations evolve so rapidly, how leaders emerge and confront challenges, and how interactions with traditional, more hierarchical disaster recovery efforts unfold. Lessons from these early efforts show how they can be improved, and also point to the need for more research on networked non–state actors that are playing increasingly prominent roles.

Open source disaster recovery: Case studies of networked collaboration, by Calvert Jones and Sarai Mitnick, First Monday, volume 11, number 5 (May 2006),

Decentralized, cooperative, global reach: all the things the Internet was built on. Rapid, flexible, usable response. That sounds like good risk management to me.

-jsq

EFF v. AT&T

EFF is making some progress in their lawsuit against AT&T for handing over logs to NSA for wiretapping:

AT&T has set up a secret, secure room for the NSA in at least one of the company’s facilities — a room into which AT&T has been diverting its customers’ emails and other Internet communications in bulk — according to evidence in key documents partially unsealed today in the Electronic Frontier Foundation’s (EFF’s) class-action lawsuit against the telecom giant.

"Now the public can see firsthand the testimony of Mark Klein, a former AT&T employee who was brave enough to step forward and provide evidence of the company’s illegal collaboration with the NSA," said EFF Staff Attorney Kevin Bankston. "Today we have released some of the evidence supporting our allegation that AT&T has given the NSA direct access to its fiber-optic network, such that the NSA can read the email of anyone and everyone it chooses — all without a warrant or any court supervision, and in clear violation of the law."

The Klein declaration and EFF’s motion for a preliminary injunction against AT&T’s ongoing illegal surveillance were filed under seal last month. But last week, U.S. District Judge Vaughn Walker instructed AT&T to work with EFF to narrowly redact the documents and make them available to the public.

Key Portions of Critical Documents Unsealed in AT&T Surveillance Case Technician Describes Secret NSA Room at AT&T Facility, Rebecca Jeschke, EFF, May 25, 2006

For some reason I thought "we" were better than "them" because we had the rule of law. And that without the rule of law it’s hard to have contracts and capitalism, so this sort of law breaking could be considered a risk to business.

-jsq

PS: Seen on Fergie’s Tech Blog.