Twitter Weekly Updates for 2011-12-04

  • New School blog "'Its Time to Learn Like Experts' by @jayjacobs" #
  • RT @dmolnar Help me shop for furniture #
  • RT @moxie__ WhisperSystems has been acquired! < Congratulations! I hope it leads to great things for Twitter privacy #
  • RT @tsastatus A few new features, and a bunch of status updates, at, more info on the blog #
  • New blog: "Telephones and Privacy" #
  • New blog: "We Robot: The Conference" #
  • New bloggage: "Telephones and Privacy" #
  • RT @securityninja @realex_tracy everyone that walks past my desk has to play with the elevation of privilege cards, eye catching! #
  • New blog: Big Brother Watch Report on Breaches (ht @PogoWasRight) #
  • NPR has a story on FAA/SSA violations of Privacy act going to Supreme Court #
  • RT @hvyboots: So apparently, Carrier IQ is on iPhones too #
  • RT @Jim_Harper Looking for Sen. Schumer's statement re: TSA tracking of cell phones. Anyone know where I can find it? #
  • New School blog post: "The Future of Work is Play" #
  • RT @srbaker Film producers: if your film isn't on Netflix, I'll find it on BitTorrent. You might as well make some money on it. #
  • RT @AdasBooks Today is such an exciting day! The first big news is that our webstore is now live! #
  • RT @ggreenwald Surreal: Sen Feinstein had an amendment to say: you can't imprison US citizens w/o charges – it failed: #
  • .@rmogull I don't think it's hypocrisy, I think people are tired of privacy disempowerment, confusion and the short end of the stick #
  • Oops, violated my own medical privacy, darnit! Can I be in datalossdb now? 🙂 #
  • RT @lorrietweet Speaking today at Silicon Flatirons Privacy Economics event – live stream available < Yay, looks great! #
  • RT @WeldPond It should be in the public's best interest to allow researchers to tell us what the software on our phones does. #carrieriq #
  • Julie Cohen's comments are frames embedded in information systems is really well stated. #flatirons privacy economics #
  • "Let's make sure the system is not set up to thwart consumer desire for privacy" Joseph Farrell @ silicon flatirons #
  • "What we call disclosures are often when someone wants to say they disclosed it but they don't want you to know it" Joseph Farrell #flatiron #
  • "We have effective disclosure, they're called ads" Joseph Farrell #flatiron discussing privacy "disclosure" #
  • RT @liorjs Here's the livestream for Economics of Privacy Conf. Catch @ericgoldman, @paulohm, @rcalo, @laguarda, etc. #
  • ~"Aleecia has a knack for stating the controversial in a non-controversial way" @rcalo #flatiron #privacy #
  • Great question from @rcalo to venture capitalist Seth Levine: Do you worry about privacy as a risk in investing? #
  • Did anyone mention the work on organ donation rates and defaults, tie it to privacy? #flatirons #
  • UStream is reaching out to 14 different websites as I listen to the Silicon #flatirons event on Privacy economics #
  • RT @kbcran #flatirons Thwarting facial recognition with Blade Runner makeup #
  • EyeLink has some really amazing & scary iris recognition tech. Way beyond what i thought was state of the art. Can't find link (@dmolnar?) #
  • Peter Swire has a depressing view of the impact of Sorrel vs IMS #flatirons #
  • Yay @hoofnagle for bringing up the compelled nature of speech in Sorrel. #flatirons #
  • Gävle Goat Gambit Goes Astray #
  • Did he just say "You won't have Herman Cain to kick around anymore"? #

Powered by Twitter Tools

Gävle Goat Gambit Goes Astray

Gavle Goat 2011
It’s a bit of a Christmas tradition here at Emergent Chaos to keep you informed about the Gävle Goat. Ok, technically, our traditions seem hit and miss, but whaddaya want from a site with Chaos in the name? You want precision, read a project management blog. Project management blogs probably set calendar reminders to kick off a plan with defined stakeholders, success metrics and milestones to ensure high quality blog posts. Us, we sometimes randomly remember.

But, but! This year, we actually have a plan with 8×10 color gannt charts with circles and arrows explaining how to set up a market to predict when the goat would burn.

We even have prizes.

Unfortunately, chaos (and flames) emerged, and the goat was burned before we set up the market.

You can read the full story of “Sweden’s Christmas goat succumbs to flames.”

Paper: "The Future of Work is Play"

My colleague Ross Smith has just presented an important new paper, “The Future of Work is Play” at the IEEE International Games Innovation Conference. There’s a couple of very useful lessons in this paper. One is the title, and the mega-trends driving games into the workplace. Another is Ross’s lessons of when games work:

Over the last several years, Microsoft has employed dozens of games and game mechanics in its software development process. Forrester, Forbes and others have covered this work. Table 1 illustrates the areas where productivity games can be the most impactful. Focusing on either expanding skills in rile or “organizational citizenship behaviors” that require core skills &emdash; is the best way to ensure the success of a productivity game. Player motivations is a key component of the success of a productivity game.

Core Unique expanding skills
In role behavior Most Impact
Organizational Citizenship Behavior Most Impact

What this means is that if you try to produce a game that replicates or intrudes on either core work (say, writing code) or unique skills that someone already has (say, threat modeling) the game is likely to be less successful. But if you make a game to help people expand their skill (say, in threat modeling), it will be more impactful and accepted. Similarly, if you’re trying to get thousands of people to help check user interface translations for Windows, it helps to use a core skill, like reading another language, rather than a unique skill (again, let’s say threat modeling) that only a few people have.

This table is really useful guidance if you’re thinking of making a game.

Games, by the way, are tremendously New School. Games are New School because they’re a way to address the real human desires to do something (anything) more fun than deal with security stuff. By making it fun, we can entice people into enjoying the things we need them to do. You should consider if a game can address a problem you deal with, and if it’s in the area of expanding skills in a role or organizational citizenship behaviors that rely on core skills, you’re more likely to succeed.

(I’d link to the paper, but unfortunately, IEEE continues to lock up the scientific literature and impede the flow of progress, rather than charge a few dollars more for each conference to cover the costs of serving up the scientific literature.)

Big Brother Watch report on breaches

Over at the Office of Inadequate Security, Dissent says everything you need to know about a new report from the UK’s Big Brother Watch:

Extrapolating from what we have seen in this country, what the ICO learns about is clearly only the tip of the iceberg there. I view the numbers in the BBW report as a significant underestimate of the number of breaches that actually occurred because not only are we not hearing from 9% of entities, but many authorities that did report probably did not detect or learn of all of the breaches they actually experienced. BBC notes, “For example, it does seem surprising that in 263 local authorities, not even a single mobile phone or memory stick was lost.” “Surprising” is a very diplomatic word. (“What They Didn’t Know: Big Brother Watch report on breaches highlights why we need mandatory disclosure“)

We Robot: The Conference

This looks like it has the potential to be a very interesting event:

A human and robotinc hand reaching towards each other, reminiscent of Da Vinci

The University of Miami School of Law seeks submissions for “We Robot” – an inaugural conference on legal and policy issues relating to robotics to be held in Coral Gables, Florida on April 21 & 22, 2012. We invite contributions by academics, practitioners, and industry in the form of scholarly papers or presentations of relevant projects.

We seek reports from the front lines of robot design and development, and invite contributions for works-in-progress sessions. In so doing, we hope to encourage conversations between the people designing, building, and deploying robots, and the people who design or influence the legal and social structures in which robots will operate.

Robotics seems increasingly likely to become a transformative technology. This conference will build on existing scholarship exploring the role of robotics to examine how the increasing sophistication of robots and their widespread deployment everywhere from the home, to hospitals, to public spaces, and even to the battlefield disrupts existing legal regimes or requires rethinking of various policy issues.

They’re still looking for papers at: I encourage you to submit a paper on who will get successfully sued when the newly armed police drones turn out to be no more secure than Predators, with their viruses and unencrypted connections. (Of course, maybe the malware was just spyware.) Bonus points for entertainingly predicting quotes from the manufacturers about how no one could have seen that coming. Alternately, what will happen when the riot-detection algorithms decide that policemen who’ve covered their barcodes are the rioters, and opens fire on them?

The possibilities for emergent chaos are nearly endless.

Telephones and privacy

Three stories, related by the telephone, and their impact on privacy:

  • CNN reports that your cell phone is being tracked in malls:

    Starting on Black Friday and running through New Year’s Day, two U.S. malls — Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. — will track guests’ movements by monitoring the signals from their cell phones.

    Still, the company is preemptively notifying customers by hanging small signs around the shopping centers. Consumers can opt out by turning off their phones.

    The tracking system, called FootPath Technology, works through a series of antennas positioned throughout the shopping center that capture the unique identification number assigned to each phone (similar to a computer’s IP address), and tracks its movement throughout the stores.

    The company in question is Path Intelligence, and they claim that since they’re only capturing IMSI numbers, it’s anonymous. However, the IMSI is the name by which the phone company calls you. It’s a label which identifies a unique phone (or the SIM card inside of it) which is pretty darned closely tied to a person. The IMSI identifies a person more accurately and effectively than an IP address. The EU regulates IP addresses as personally identifiable information. Just because the IMSI is not easily human-readable does not make it anonymous, and does not make it not-a-name.

    It’s really not clear to me how Path Intelligence’s technology is legal anywhere that has privacy or wiretap laws.

  • Kashmir Hill at Forbes reports on “How Israeli Spies Were Betrayed By Their Cell Phones“:

    Using the latest commercial software, Nasrallah’s spy-hunters unit began methodically searching for traitors in Hezbollah’s midst. To find them, U.S. officials said, Hezbollah examined cellphone data looking for anomalies. The analysis identified cellphones that, for instance, were used rarely or always from specific locations and only for a short period of time. Then it came down to old-fashioned, shoe-leather detective work: Who in that area had information that might be worth selling to the enemy?

    This reminds me of the bin Laden story: he was found in part because he had no phone or internet service. What used to be good tradecraft now stands out. Of course, maybe some innocent folks were just opting out of Path Intelligence. Hmmm. I wonder who makes that “latest commercial software” Nasrallah’s team is using?

  • Who’s on the Line? Increasingly, Caller ID Is Duped“, Matt Richtel, The New York Times

    Caller ID has been celebrated as a defense against unwelcome phone pitches. But it is backfiring.

    Telemarketers increasingly are disguising their real identities and phone numbers to provoke people to pick up the phone. “Humane Soc.” may not be the Humane Society. And think the I.R.S. is on the line? Think again.

    Caller ID, in other words, is becoming fake ID.

    “You don’t know who is on the other end of the line, no matter what your caller ID might say,” said Sandy Chalmers, a division manager at the Department of Agriculture, Trade and Consumer Protection in Wisconsin.

    Starting this summer, she said, the state has been warning consumers: “Do not trust your caller ID. And if you pick up the phone and someone asks for your personal information, hang up.”

    I’m shocked that a badly designed invasion of privacy doesn’t offer the security people think it does.

    When I say badly designed, I’m referring to inline signaling late in the signal, not to mention that the Bells already had ANI. But they didn’t want to risk the privacy concerns with caller-ID impacting on ANI, so they designed an alternative.

"It's Time to Learn Like Experts" by Jay Jacobs

I want to call attention to a new, important and short article by Jay Jacobs.

This article is a call to action to break the reliance on unvalidated expert opinions by raising awareness of our decision environment and the development of context-specific feedback loops.

Everyone in the New School is a fan of feedback loops of one form or another. Hypothesis testing, learning, and calling out superstition are all forms of feedback loops.

One thing that Jay brings in that I hadn’t seen is the idea of kind and wicked learning environments. A kind environment is one in which you can quickly get good feedback on things experts agree will help you improve. (Did you fall off the bike?) An unkind environment is, amongst other things, one where feedback comes later, if at all. Jay has a table. It’s on page 2.

You should find Jay’s article here: “A Call to Arms: It’s Time to Learn Like Experts“, or his short blog here.

Twitter Weekly Updates for 2011-11-27

Powered by Twitter Tools

Relentless navel gazing, part MCXII

Two changes here at Emergent Chaos this weekend: first, a new, variable width theme which is a little tighter, so there’s more on a screen. Second, I’ve moved the twitter summary to weekly, as comments were running about 50-50 on the post asking for opinion. I think that may be a better balance.

And a bonus third: someone else’s navel for you to gaze at:

cute belly button