made the Davos Top 5 Global Risks in Terms of Likelihood.
Davos, the annual conclave of the hyper-rich and famously elected,
has also discovered Severe income disparity
and Water supply crisis, so maybe they’re becoming
However, in Figure 17 on page 25 they’ve got Cyber attacks
as an origin risk, along with Massive incident of data fraud or theft
and Massive digital misinformation. I think they’re missing the point,
which is the real origin risk is poor infosec, and the origin of that
is vendors like MSFT knowingly shipping systems with design flaws
and people and organizations running them while hiding such problems.
Here’s an example of some Internet routing in Iran, in this case on the way to the Ministry of Foreign Affairs on Monday 15 June 2009. Normally, routing and latency don’t change much.
Starting Saturday 13 June, the day after the election, routing and latency
have become increasingly disturbed. More here.
Would that U.S. states had all consigned Diebold and the like to the
junk heap after the 2000 U.S. election.
Also notice who Twitter’s hosting service is: NTT America.
I’ve been predicting for years that the U.S. duopoly’s
intransigence would lead to NTT and other competent international
ISPs eating their lunch, and I see it’s beginning to happen.
There’s lots of academic and commercial effort put into stopping software and other intellectual property piracy, especially for videos. A form of risk management, I suppose, but one that ignores the much bigger risk to traditional intellectual property
of causing political blowback such as what just happened in Sweden:
“Together, we have today changed the landscape of European politics. No matter how this night ends, we have changed it,” Falkvinge said. “This feels wonderful. The citizens have understood it’s time to make a difference. The older politicians have taken apart young people’s lifestyle, bit by bit. We do not accept the authorities’ mass surveillance,” he added.
Funny thing about what happens when the majority of the population participates in an illegal activity: eventually it’s not illegal anymore.
At least partially, The Pirate Party puts its increased popularity down to harsh copyright laws and the recent conviction of the people behind The Pirate Bay. After the Pirate Bay verdict, Pirate Party membership more than tripled and they now have over 48,000 registered members, more than the total number of votes they received in 2006.
With their presence in Brussels, the Pirate Party hopes to reduce the abuses of power and copyright at the hands of the entertainment industries, and make those activities illegal instead. On the other hand they hope to legalize file-sharing for personal use.
Many of those abuses of power probably already are illegal; the appropriate laws
just aren’t being enforced. We saw this during alcohol prohibition in the U.S., and we
see it now with marijuana prohibition in the U.S. The first prohibition ended, the second probably will, and meanwhile, online “piracy” is on its way to being redefined.
Under the state’s new election law, disabled voters can keep voting by
touch screen — akin to using an A.T.M. — until 2012. But everyone
else will use them only twice more, for the presidential primaries on
Jan. 29 and municipal elections next spring. With optical scanning,
voters use pens to mark paper ballots that are then read by scanning
machines, leaving a paper record for recounts.
The term "Outrage" suggests that risk cannot or should not be discussed
in a rational manner.
What I think Sandman is getting at is that often risk isn’t
discussed in a rational manner, because managers’ (and security people’s)
egos, fears, ambitions, etc. get in the way.
In a perfect Platonic world perhaps things wouldn’t be that way,
but in this one, people don’t operate by reason alone, even when
they think they are doing so.
Outrage x Hazard may be a means to express risk within the context of the organization, but I like probability of loss event x probable magnitude of loss better for quantitative analysis.
Indeed, quantitative analysis is good.
However, once you’ve got that analysis, you still have to sell it to management. And there’s the rub: that last part is going to require dealing with emotion.
I admire Matt Blaze, and I only hope he was being sarcastic in the
entire post in which, after pointing out that California just decertified
three major voting machine manufacturers due to massive security problems,
How to build secure systems out of insecure components is a tough problem
in general, but of huge practical importance here, since we can’t exactly
stop holding elections until the technology is ready.
Ben Hyde has an interesting bunch of thoughts about verification friction:
We recently got new passports, a project that was at least a dozen times
more expensive and tedious than doing my taxes. I once had a web product
that failed big-time. A major contributor to that failure was the tedium
of getting new users through the sign-up process. Each screen they had
to step through triggered the loss of 10 to 20% of the users. Reducing the
friction of that process was key to survival. It is a thousand times
easier to get a cell phone or a credit card than it is to get a passport
or a learner’s permit. That wasn’t the case two decades ago.
by Ben Hyde,
Ascription is an Anathema to any Enthusiasm,
10 May 2007
He mentions some cases where friction may actually be socially useful,
as in making it harder to get liquor and easier to get condoms,
or some automobile traffic engineering.
Then he gets to the especially interesting part.
Have you noticed how difficult it is to find accurate maps of
U.S. Congressional districts?
The ones the New York Times is using in its election coverage are out of date,
and the Times is far from alone in this error.
A correct map is on the right; more on that below.
This morning I voted early.
This involved using an electronic voting machine.
At least it was some local Texas brand, rather than one of the
better-known brands that has well-known problems.
However, an easy way occurred to me
by which somebody could subvert these local machines;
a way that doesn’t even involve modifying the software,
wireless networks, or any access to the machine
other than through the voting interface.