Guess what? Rabodeb is not his “real” name

A rivetting “natural” story of pseudonymity has risen to prime time in America's financial press – partly because government prosecutors have entered the fray. We're not talking here about a teenager, novelist, or garret inhabitant. This involves a corporate executive – John P. Mackey, co-founder of Whole Foods Market, who we have just found out goes by the name of “Rahodeb“. Continue reading Guess what? Rabodeb is not his “real” name

Kafka would have been proud

Here, via MSNBC, is a message in a bottle from some dimension I would not otherwise believe existed: 

VIENNA, Va. – A rule against physical contact at a Fairfax County middle school is so strict that students can be sent to the principal's office for hugging, holding hands or even high-fiving.

Unlike some schools in the Washington area, which ban fighting or inappropriate touching, Kilmer Middle School in Vienna bans all touching — and that has some parents lobbying for a change.

Hugging was Hal Beaulieu's crime when he sat next to his girlfriend at lunch a few months ago and put his arm around her shoulder. He was given a warning, but told that repeat missteps could lead to detention.

“I think hugging is a good thing,” said Hal, a seventh-grader. “I put my arm around her. It was like for 15 seconds. I didn't think it would be a big deal.”

But at a school of 1,100 students that was meant to accommodate 850, school officials think some touching can turn into a big deal. They've seen pokes lead to fights, gang signs in the form of handshakes or girls who are uncomfortable being hugged but embarrassed to say anything.

“You get into shades of gray,” Kilmer Principal Deborah Hernandez said. “The kids say, ‘If he can high-five, then I can do this.’ ”

Hernandez said the no-touching rule is meant to ensure that all students are comfortable and crowded hallways and lunchrooms stay safe. She said school officials are allowed to use their judgment in enforcing the rule. Typically, only repeat offenders are reprimanded.

‘Making out goes too far’

But such a strict policy doesn't seem necessary to 13-year-old Hal and his parents, who have written a letter to the county school board asking for a review of the rule. Hugging is encouraged in their home, and their son has been taught to greet someone with a handshake.

Hal said he feels he knows what's appropriate and what's not.

“I think you should be able to shake hands, high-five and maybe a quick hug,” he said. “Making out goes too far.”

His parents said they agree that teenagers need to have clear limits but don't want their son to be taught that physical contact is bad.

“How do kids learn what's right and what's wrong?” Henri Beaulieu asked. “They are all smart kids, and they can draw lines. If they cross them, they can get in trouble. But I don't think it would happen too often.”

I can't help thinking of Kafka's ironic question, “If judges are putting to death the mentally retarded, why is this judge still alive?” 

For the person who has everything

Whenever a patent is granted, the first sign of it is a flurry of weird mail emanating from a well-oiled spam machine that never seems to fail.  It is delivered right to your home address, presumably because the government releases information without setting any conditions on its use.  Beyond having to sort through more garbage, the whole premise of the marketing campaign is creepy.  Here's an example courtesy of Patent Awards:

Your patent commemorative is more than metal and wood – it is tangible evidence that you have made a contribution to this world and future generations.  One of our customers, Mr. Hank Cutler, said it best:

It is always rewarding to have tangible evidence of one's work, apart from publications.  [Gee!  I didn't know that my father/grandfather/great grandfather did that, but here's a plaque to prove it.  Guess I'll have to do better than that.]  Their presence, in family hostory, fuels future generations to do better things.”

What better reason is there to buy a patent commemorative plaque or frame?  Create your lasting memory so that your “presence, in family history, fuels future generations to do better things” by placing an order for your patent plaque or frame today!

Funny, I think of the tangible evidence as being the success of some technology.  The patent is just a necessity for protecting your business in 2007.

The family history stuff is stupefying.  The last thing I would want is to consciously drive my own children to compete with me.  I'm just glad that they are out of beta . 

But hey.  The plaques are so reasonable – anywhere between $128 and $525.  Let's get a bunch. 

6 year old installs keylogger

Here is a strange one via Pamela Dingle's eternal optimist:

How girl, 6, hacked into MP’s Commons computer

I assume a physical keyboard logger like this could still be used to steal an IdP username & password, even with all the secure desktop stuff that the CardSpace client has built in…

This kind of dongle plugs in between the keyboard and the computer.  So there is one simple solution:  don't type in secrets that could allow someone to gain access to your accounts. 

My view:

  1. CardSpace self-issued cards ( based on public key technology) and managed cards backed by a self-issued card or certificate would both be immune to this attack – assuming no physical access to the computer itself.
  2. Normal Kerberos login would be vulnerable.
  3. Username / password IdP's could be protected from this attack through use of the additional per-card secret described here - assuming non-InfoCard password access was not supported.
  4. One time password (OTP) systems would be unaffected. 

BTW, I now have OTP integrated with my own managed card demo code.  When used with CardSpace it has very nice security properties because the channel from CardSpace to the IdP is encrypted using information in the managed card and the password can never be reused.

A sweep of their tiny fingers

My research into the state of child fingerprinting has led me to this extreme video – you will want to download it.  Then let's look further at the technical issues behind fingerprinting.

Here is a diagram showing how “templates” are created from biometric information in conventional fingerprint systems.  It shows the level of informed discourse that is emerging on activist sites such as LeaveThemKidsAlone.com – dedicated to explaining and opposing child fingerprinting in Britain.

Except in the most invasive systems, the fingerprint is not stored – rather, a “function” of the fingerprint is used.  The function is normally “one-way”, meaning you can create the template from the fingerprint by using the correct algorithm, but cannot reconstitute the fingerprint from the template.

The template is associated with some real-world individual (Criminal?  Student?) During matching, the fingerprint reader again applies the one-way function to the fingerprint image, and produces a blob of data that matches the template – within some tolerance.  Because of the tolerance issue, in most systems the template doesn't behave like a “key” that can simply be looked up in a table.   Instead, the matching software is run against a series of templates and calculations are performed in search of a match.

If the raw image of the fingerprint were stored rather than a template, and someone were to gain access to the database, the raw image could be harnessed to create a “gummy bear” finger that could potentially leave fake prints at the scene of a crime – or be applied to fingerprint sensors.

Further, authorities with access to the data could also apply new algorithms to the image, and thus locate matches against emerging template systems not in use at the time the database was created.  For both these reasons, it is considered safer to store a template than the actual biometric data.

But by applying the algorithm, matching of a print to a person remains possible as long as the data is present and the algorithm is known.  With the negligible cost of storage, this could clearly extend throughout the whole lifetime of a child.  LeaveThemKidsAlone quotes Brian Drury, an IT security consultant who makes a nice point about the potential tyranny of the algorithm:

If a child has never touched a fingerprint scanner, there is zero probability of being incorrectly investigated for a crime. Once a child has touched a scanner they will be at the mercy of the matching algorithm for the rest of their lives.” (12th March 2007 – read more from Brian Drury)

So it is disturbing to read statements like the following by Mitch Johns, President and Founder of Food Service Solutions – whose company sells the system featured in the full Fox news video referenced above:

When school lunch biometric systems like FSS’s are numerically-based and discard the actual fingerprint image, they cannot be used for any purpose other than recognizing a student within a registered group of students. Since there’s no stored fingerprint image, the data is useless to law enforcement, which requires actual fingerprint images.

Mitch, this just isn't true.  I hope your statement is the product of not having thought through the potential uses that could be made of templates.  I can understand the mistake – as technologists, evil usages often don't occur to us.   But I hope you'll start explaining what the risks really are.  Or, better still, consider replacing this product with other based on more mature technology and exposing children and schools to less long term danger and liability.

U.K. wants beerdrinkers’ fingerprints

More news from the the U.K. biometrics front.  Here is a piece by Rogier van Bakel from his site – Nobody's business:

All 12 million kids in the country will have to be fingerprinted. Actually, that's not news — I wrote about it here. What's news (to me) is that parents will likely have no way to opt out on behalf of their children. They can't tell Little Nigel to tell the government's data-miners to shove it.

See if you can follow the logic here without gasping.

David Smith, deputy Information Commissioner, said it was a complex issue that was still being worked out, but it was likely that parents did not have an automatic right to decide whether their children's biometrics could be taken by a school.

“The Data Protection Act talks of consent of the individual — essentially that's consent of the child,” he said. “Now there's a requirement that consent is informed and freely given. That will depend on the age of the child,” he said. “The idea is that as long as children can understand the implications of what they are being asked to do, they can give consent without deferring to their parents. The Data Protection Act is about the pupil's rights, not the parents’ rights over the children's information,” said Smith.

Can a six-year-old understand the implications? A ten-year-old? A thirteen-year-old? It's doubtful, but somehow, the government is fully prepared to consider these pupils — and itself — to be more competent in such matters than the children's own parents.

Also note Mr. Smith's up-is-down government-speak when he spins the ominous legal requirement for children to surrender their biometric data as if it were a really a right — one that must be protected from the ignorant stubbornness of Mum and Dad.

Meanwhile, in the name of crime prevention, U.K. authorities are ordering citizens who visit clubs and pubs to get fingerprinted, too. No joke.

The government is funding the roll-out of fingerprint security at the doors of pubs and clubs in major English cities. Funding is being offered to councils that want to have their pubs keep a regional black list of known trouble makers. The fingerprint network installed in February by South Somerset District Council in Yeovil drinking holes is being used as the showcase. “The Home Office have looked at our system and are looking at trials in other towns including Coventry, Hull & Sheffield,” said Julia Bradburn, principal licensing manager at South Somerset District Council. Gwent and Nottingham police have also shown an interest, while Taunton, a town neighbouring Yeovil, is discussing the installation of fingerprint systems in 10 pubs and clubs with the systems supplier CreativeCode.

In order to qualify for a new license, a pub owner or club manager will have to promise to install a fingerprinting system. If, after the system is in place, customers fail to display a “considerable” reduction in alcohol-related violence, the drinking establishments could have their licenses revoked.

I'll make just a brief comment about both these issues.

I think the student should be able to refuse consent if she doesn't want to be fingerprinted, and the parent should be able to refuse it on her behalf as well.  After all, the child should learn how to protect her self, though ultimate responsibility lies with the parent.  Further as shown by Joy's “No scan, no eat” report, we need some way to prevent the bullying of children (and parents) into submission.

As for fingerprinting people on their way into pubs, all I can say is:  Britain, get a grip!    As a Canadian, it's like watching a loved one losing her mind.

If they don't scan, they don't eat

The more I look into this story, the worse it gets.  We don't have to go to Britain for examples of child fingerprinting – just take a look at this email from a lady in Illinois:

Kim,

My name is Joy and I am continuing to get the word out & tell this true story.

In August 2005, our public school district with less than 500 students decided to start using biometric equipment for “accounting purposes”.  We were told at registration to take our children over and have them scanned.  (There was not an opt out or opt in policy).

I objected and said no – our children are not to use this equipment -especially when there is not a policy to look over.

We were told, “if they don't scan ,they don't eat.”

I explained I believed that to against the law and the rights of the children as well as parental rights.  I was then told that this equipment would put Earlville, Illinois on the map (not like they thought).  A few days later I gave birth to our youngest daughter, on Aug 20, 2005, and explained to my husband that when I recovered I was going to discuss this matter with the district administration again.

Meanwhile my eldest children Brooke & Gunner were still brown bagging it.  Well, Sept 21, 2005 my 7 year old son was scanned anyway – even though he reminded the “tech director” that he was not to scan.

I of course called the school and started recieving excuses from the adminstrative staff.  I went to the local paper, the school board and still did not feel as if we were getting very far with our objection.  I then decided to write to Illinois legislators and the media.

Senator Miquel Del Valle introduced SB 2549 in Jan, 2006. CBN came to our town and interviewed us (as well as Senator Miquel Del Valle on a different date.)  The story aired Nov 7, 2006.  Then Senator Miguel Del Valle stepped down and took another position in Chicago. SB 2549-session sine die.

There I was again writing and calling the media and legislators.  In Jan,  2007 I was invited to speak with some privacy advocates and share this almost unbelievable story.  In Feb, 2007 two bills were introduced and are passing:  HB 1559,  introduced by State Rep Bob Pritchard; and SB 1702, introduced by Senator Kim Lightford.

I have several newspaper articles as well as letters from the Superintendant stating that my 7 yearr old son willingly gave up his finger.  Info about this story can also be found on EFFs deeplinks ,the Cato Institute,The End times and of course the CBN website.   As soon as I get updated on the bills I can notify you.   In the meantime I will continue to get the word out and search for advice on this matter .

I had my finger impression scanned for an Illinois licensure requirement, however I am a mother of five, over 30 and a private detective.

Not a minor child trying to by hot lunch at school.  We know that the data on these children can be sold, given away and anyone who knows how to write a FOIA can have access to this info. 

Joy Robinson-Van Gilder

Make sure children are calm

Continuing to explore the new specialty of child fingerprinting, I came across a nice piece on this phantasmagorical teaching aid:

Not surprisingly, people are responding to this preposterous misuse of identity with sites like leavethemkidsalone.  These people know how to communicate.  Take a look at this little video

Amazingly, those caught up in child fingerprinting have broken the first four laws of identity all in one go.  This will come back to haunt them – and much worse, may stalk some of their little victims.

First, both the parents and the children should have been asked for consent – and given the opportunity to opt out (law 1).  Second, far more information is being collected than is required by what the schools are using it for (law 2).  Third, this information is in the hands of unwarranted parties (law 3).  Fourth, a non-revocable omnidirectional identifier (you can't change fingerprints) is being used in a an interaction where a unidirectional (context-specific) identifier would do just fine, paving the way for many attacks on the individuals’ privacy and security (law 4). 

Strangest of all, though we can predict with near certainty that the information being collected will leak over time, the schools and government seem to have no concern for the unnecessary liability they are assuming.  Strange.  Perhaps, in Britain, they are immune to law suits?

Already we see the first repercussions.  In fact the Dudley school system teaching aid shown above was taken down in response to a leavethemkidsalone story.

3,500 British schools fingerprinting their children

Greg Mulholland, a British MP, has drawn my attention to a misuse of identity technology that not only concerns me, but saddens me. 

I'm a pretty hard-bitten technologist.  I long ago observed that one of the unfortunate characteristics of computers is that they allow people to do stupid things thousands of times more quickly than they did before. 

But this one goes beyond silly to abusive.  It involves inflicting a technology that is not yet ready for use in the real world, on young children.  An analogy might be a decision, by people who don't realize testing is necessary, to inject students with an untested vaccine.  And worse, the parents have no opportunity to opt out. 

This is one of those cases where ignorance breeds Sorcerer's Apprentices who act without the slightest knowledge that there will be consequences to what they do.

On a personal note, I can't help responding as one who has taught – albeit, not to children.  I wonder what has happened to our teachers, whose job must be to know their students intimately and respond, with open hearts, to their needs and abilities?  What macabre pathways led them to introduce impersonal and mechanized technologies like RFID and – the mind boggles – fingerprinting, as a substitute for personal interaction?  I see a tear in Socrates’ eye.

In  Britain, not only do an estimated 3,500 schools already use fingerprinting, but, in astonishing ignorance of the first law of identity, parental consent is not required.  If it had been, the technical and security issues now coming to light would have been raised earlier, and the money which has been poured down this pathetic technology drain could have been used to better ends.

The following is a story on the BBC web site about the growing controversy and the government's new “guidelines” on fingerprinting in schools:

The guidelines, published next month, will “encourage” schools to seek consent before taking biometric data.

The move comes after it emerged some primary schools stored children's thumb prints for computerised class registers and libraries without parental consent.

The Department for Education and Skills (DfeS) says it does not have figures for how many schools are already using biometric data.

However, a web poll by lobby group Leave Them Kids Alone, estimated that 3,500 schools had bought equipment from two DfES-approved suppliers.

Under the Data Protection Act, schools do not have to seek parental consent to take and store children's fingerprints.

‘Sensitive area’

But privacy watchdog the Information Commissioner will urge them to do so from next month after pressure from parents and campaign groups.

“Because this is a fairly sensitive area – because young people are going to be sharing their personal information – we are encouraging schools to adopt best practice and seek the consent of both pupil and parent,” a spokesman for the Information Commissioner said.

Schools will also be reminded that they must not share the data with other organisations.

They have also been told they should only hold fingerprint and other information “as long as it necessary for the purpose for which it is being processed”.

But the moves are unlikely to satisfy campaigners, who have been calling for a change in the law to ban fingerprint scanners from school premises.

‘Social conditioning’

The director of lobby group Action on Rights for Children, Terri Dowty, said having fingerprint technology in schools – allowing students to register, use the library and buy canteen food – was “encouraging children to be casual about their biometric data”.

Her views were echoed by Phil Booth from the anti-identity card campaign group No2ID.

He said: “We're talking about social conditioning. In a school environment it will make kids less concerned about their biometric data.”

But he also raised concerns about storing such information on “relatively insecure databases”.

Parent activist David Clouter said a lack of guidance from the DfES and the Information Commissioner had “produced a juggernaut of companies wanting to jump on the bandwagon” to sell equipment to schools.

‘Stolen identities’

He had been told that having biometric data in school libraries “would encourage people to read”.

“Given that children have been reading for centuries I find that hard to believe”.

A technology expert, Andrew Clymer, who has campaigned to keep biometrics out of the school attended by his children, aged six and eight, said that no IT system was guaranteed to last beyond a few years.

However, a fingerprint taken from a 4-year-old child would last a lifetime.

“Security is always developed with a timeframe, but biometric data is for a lifetime.

“We would potentially be opening up the possibility that in the future kids will have their identities stolen,” Mr Clymer said.

Guidance

Forty-seven MPs have signed a Commons motion tabled by Liberal Democrat MP Greg Mullholland calling for consent to be required for the collection of biometric data.

Shadow schools minister Nick Gibb has also asked schools minister Jim Knight about guidance.

Mr Knight responded that biometric information about pupils should be handled in the same way as other personal data about pupils, and said it was subject to the Data Protection Act 1998.

Under the Act, schools are not obliged to seek consent from parents, but they should provide notification of their use of data to individuals involved.

‘Common sense’

The DfeS said fingerprints were used to help make school libraries, lunches and “management systems” run more smoothly and the information was stored as a “digital number stream” rather than individual prints.

Schools are also required by the Data Protection Act to tell parents about any information being held on their children and what it is being is used for.

A DfeS spokesman said: “It is important to remember that schools have always collected personal information, such as registers and home addresses, on pupils for their own smooth running.

“They are well used to handling all kinds of sensitive information to comply with data protection and confidentiality laws.

“Parents should be engaged in all aspects of school life and it is common sense for schools to talk to them about this and all issues relating to their children.”

The new guidance for schools will be available from the end of March on the website of Becta, the British Educational and Communications Technology Agency.

Cruise control and alcohol…

In a new comment, Ernst Lopez Cordozo book-ends our “transducer versus delegation” discussion with a spectacular real-life example.

I had been trying to tease apart the distinction between a transducer and an agent to which we have delegated, arguing that we need both classes of component in computerized systems.  Using the “gas pedal” as an example, I wrote:

I’m certain that Ernst would not argue that we “delegate” control of acceleration to the foot pedal in our car – the “foot-pedal-associated-components” constitute the transducer that conveys our intentions to engine control systems.

Ernst's response puts the whole discussion into stark relief:

I agree with your analysis. And yes, it is difficult.

Ten years ago the car of a well known Dutch opera singer caused a fatal accident while driving on the parking deck of the Amsterdam Arena. The singer, who was behind the wheel, successfully claimed that the accident was caused by his car’s cruise control, rather than his consumption of alcohol that night.  I don’t make this up.  Reality dovetails nicely with your examples.

Whether we use an innocent transducer or a possibly disobedient agent determines the deniability of the resulting actions.