The photo matching software is used to detect possible DL fraud or identity theft. The reasoning behind the requirement is that the software performs better if the images have “neutral facial expressions” and it’s easier to get people to conform to the software rather than the reverse (a rant for another day). However, from the article I get the impression that most states don’t consider that a problem. Maybe these four states should consider alternate vendors?

I don’t think this is a big issue, at least in isolation, but it did remind me of the bland society we’re trying to turn ourselves into. Fix the software, don’t tell people they can’t smile.

What did annoy me was this:

Elaine Mullen of Great Falls, Va., bristled at the policy while renewing her license until she heard the reasoning. “It’s probably safer from a national-security point of view,” she says.

First, it’s about fraud, not security. Second, I detest the way “national security” has become another code-phrase, like “think of the children”, that just shuts down any reasonable discussion and the immediate sacrificing of any rights and conveniences to the shrine of security theater. Arrrgh.

h/t: Schneier on Security: No Smiling in Driver’s License Photographs

image: Smiley.svg, Wikimedia Commons

Take a one eyed film maker, an unemployed engineer, and a vision for something that’s never been done before and you have yourself the EyeBorg Project. Rob Spence and Kosta Grammatis are trying to make history by embedding a video camera and a transmitter in a prosthetic eye. That eye is going in Robs eye socket, and will record the world from a perspective that’s never been seen before. –About, The EyeBorg Project

image: Natgoo, Prosthetic_right_eye.JPG, Wikimedia Commons

It’s not enough that you have to watch out for your camera-phone-armed friends and enemies who may catch you in a moment of indiscretion (check with Mr. Phelps), the rabid paparazzi who are continually hounding your trail, or the proliferating surveillance cameras — now you need to beware of any of the ubiquitous video screens in store-fronts, malls, groceries, gyms, …

Small cameras can now be embedded in the screen or hidden around it, tracking who looks at the screen and for how long. The makers of the tracking systems say the software can determine the viewer’s gender, approximate age range and, in some cases, ethnicity — and can change the ads accordingly. –When you watch these ads, the ads check you out (Yahoo! Tech)

Don’t worry. We’re assured that individuals aren’t identified, and no record is kept. Riiight — we all know how long that lasts.

But, just in case, our Congress is looking out for us. Ars Technica says, “Worried about someone taking pictures of you surreptitiously? A new bill would require all cell phone cameras to make that shutter-click noise so you’ll be warned when there’s a peeping tom in the locker room with you.” There is more entertaining commentary at Bruce Schneier’s security blog. Maybe just add a “whirring” sound for any active video recording?

However, if you’re a big-enough phone company, you can just get your own laws passed. Snarky comments on Slashdot at In Finland, Nokia May Get Its Own Snooping Law.

But the police, at least in the UK, won’t have to worry about any of this. The British Journal of Photography reports that a new law to take affect later this month, if violated, could make a photographer “liable to imprisonment for up to 10 years, and to a fine” for taking pictures of officers. Of course, this only applies if the pictures are “likely to be useful to a person committing or preparing an act of terrorism”. Riiight.

image: Janeznovak, Studijskifotoaparat.JPG, Wikimedia Commons
image: Kurmis, Braun_HF_1.jpg, Wikimedia Commons
image: Svajcr, Diaphragm_shutter_opening.jpg, Wikimedia Commons

Next year in California, state regulators are likely to have the emergency power to control individual thermostats, sending temperatures up or down through a radio-controlled device that will be required in new or substantially modified houses and buildings to manage electricity shortages. – Felicity Barringer, California Seeks Thermostat Control, The New York Times

Note that “required”. Personally, I think this is a bad idea for several reasons, general principles not least among them. My first thought is that it would be trivially easy to defeat — so will “tampering” with your home environment now become a criminal offense?

There’s also the possibility of someone hacking into the control system — say, bringing down the power grid by setting everyone’s thermostat to 90 in winter, or 60 in the summer. According to the article: ‘That is not possible, said Nicole Tam, a spokeswoman for P.G.& E. who works with the pilot program in Stockton. Radio pages “are encrypted and encoded,” Ms. Tam said.’

Hmm. Encrypted and encoded. Wow. Some of the security aspects are discussed at Schneier on Security: Remote-Controlled Thermostats.

I’m not quite sure how to characterize the two views, but roughly they are
* submit to the rules, it’s easy to comply, otherwise you’re a pain in the ass for everyone else
* how dare you subject me to these useless, asinine security theater contortions

As I’ve stated elsewhere, “Ultimately, if you are allowed to travel at all, it will be in a pod, naked and sedated.” After all, that would be much more effective than the current efforts to “screen” passengers.

I’ve selected some quotes from the comments; go to the post itself to get the full effect.

First, to set the scene, someone relates their experience:

Last week I had to take off my shoes, put those in a plastic tray. Unzip my laptop bag, take out my computer, put it in a separate plastic tray, zip up my computer bag. Unzip my suitcase, take out my one-quart zip-lock baggie with hair gel, rezip my suitcase, put the baggie in the tray with my shoes. Take off my watch, put it and my cell phone and foil-wrapped LifeSavers mints in the little plastic bowl. Walk through the scanner holding my boarding pass, set off the alarm, go back out, take off my belt and put it in the plastic tray with my shoes, and go through the scanner again. Next, wait in line for my various bags and plastic trays and bowl to emerge from the conveyer belt. Unzip my computer bag, stuff the laptop inside, zip it back up. Unzip my suitcase, stuff the zip-lock baggie back in, zip it back up. Grab my cell, mints, watch, and stuff them all back in my pocket. Hop on one foot at a time putting my loafers back on. Put my belt back on so my pants don’t fall down.

An impatient traveller responds with “just STFU and wait in line”.

An anonymous DHS employee suggests

The best way to deal with this is to THINK. Whether or not they use it, every human reading this was issued a brain at the factory. If you have a chance to plan ahead with what you’re taking on the plane, pack in your checked baggage EVERYTHING that would cause you an issue with carry-on baggage. Do you REALLY need that roll of Life-Savers on the plane? Will you just DIE if you have that cellphone car-cord in your checked suitcase instead of with your laptop?

On the subject of laptops: yes, you have to take them out of the bag. Is that REALLY such a problem? If it is, then take your whiny butt to a store that sells one of the new “TSA Approved” bags that unzips to fold the computer out into a separate scan zone. Your wallet will cheerfully suffer the few dollars in the interest of getting your precious lappy through the nasty screeners without it having to be exposed to that nasty airport air.

Get over yourselves, people. The easiest thing to do is to make everyone’s experience as quick as possible. Just because YOU have an issue with the screening, doesn’t mean that anyone else BEHIOND your whiny butt wants to wait for your petty tantrum.

Finish the screening and GET OUT OF THE WAY.

To which someone responds “‘Is that REALLY such a problem?’ Yes it is. How dare you even ask that question? How dare you defend these asinine policies?”.

Later someone says

Awww… poor baby!

If you can’t show up at the airport with your stuff already in a plastic ziplock bag (or check luggage), and can’t empty your pockets real quick into the zipper pocket of your carryon laptop bag, and remove your laptop from the sleeve, plus take off your shoes, and unless you have a huge belt buckle your belt can stay on most of the time… if you can’t do that in under… I don’t know, 15 minutes, maybe you are retarded.

provoking the response

Thanks Anonymous! You have proven to us you can jump through hoops! Congratulations, you are now a dog!

Seriously though, nobody is debating that these measures are simply just a burden too heavy for the common traveler. If there was even a tiny little bit of all rules since 9/11 that actually wasn’t security theater and made the ride safer, well, a lot less people would be complaining.

And of course there’s the obligatory “they aren’t making you fly” response

It’s not like the TSA is stopping your car or coming to your home.

No one is forcing you to fly. You have other methods of travel that do not subject you to what the TSA does, whether or not you think it’s just theatrics.

You know the rules before you hit the airport. You still have the choice of going or not. If you go and know the rules beforehand, you lose the right to complain.

h/t: Schneier, Talk to the TSA
image: MAKE Blog

Regulations already prohibit starting out with a variety of innocuous materials (shampoo), over-zealous policy enforcement prohibits “inappropriate” dress (Transformer t-shirts) , and economic pressure is exerted to limit the amount of luggage you carry.

If you carry electronic devices, you may be required to power them up to demonstrate that they are really what they seem to be, so you better have fully charged batteries … except that there is a limit on the number of batteries you can pack.

In this physical realm you can avoid some of the hassle (but not the stupidity) by judicious packing, shipping some items to your destination, and renting (or purchasing) things after arrival. Even if you have to discard material, or have property seized, it is replaceable.

However, much of what is important to us is information: vacation photos, autographed playbills, company documents, medical information, receipts, music, videos; a mix of digital data and bits of physical paper.

Back in April or May I ranted (offline) about the seizure of laptops. However, the Department of Homeland Security has recently disclosed their policy on information seizure. I hadn’t realized how broad that policy was.

Bruce Schneier, in “U.S. Government Policy for Seizing Laptops at Borders“, says “The U.S. government has published its policy: they can take your laptop anywhere they want, for as long as they want, and share the information with anyone they want…” He concludes with “Although honestly, the best thing is probably to keep your encrypted archives on some network drive somewhere, and download what you need after you cross the border.”

Although we’ve not yet reached the Johnny Mnemonic level of data couriers, I can imagine a market for hypoallergenic, bio-safe data storage devices which can be swallowed or inserted into various body orifices. That brings a whole new meaning to the phrase “thumb up your ass”. That might work until the introduction of mandatory cavity searches and whole-body X-rays for everyone.

But it doesn’t stop there. According to the Washington Post article “Travelers’ Laptops May Be Detained At Border“,

Federal agents may take a traveler’s laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

…

The policies state that officers may “detain” laptops “for a reasonable period of time” to “review and analyze information.” This may take place “absent individualized suspicion.”

The policies cover “any device capable of storing information in digital or analog form,” including hard drives, flash drives, cellphones, iPods, pagers, beepers, and video and audio tapes. They also cover “all papers and other written documentation,” including books, pamphlets and “written materials commonly referred to as ‘pocket trash’ or ‘pocket litter.’ ”

Note carefully that it includes just about anything, whether digital or paper.

Michael Chertoff, Secretary of Homeland Security, in the USA Today op-ed “Searches are legal, essential“, mentioned the usual tropes of “violent jihadist materials” and “child pornography”, but the actual policy [PDF] says

For example, examinations of documents and electronic devices are a crucial tool for detecting information concerning terrorism, narcotics smuggling, and other national security matters; alien admissibility; contraband including child pornography, monetary instruments, and information in violation of copyright or trademark laws; and evidence of embargo violations or other import or export control laws.

So, if they can’t get you on terrorist activity, they’ll get you for copyright violation. I hope all your DRM is up to date.

I fear we are rapidly approaching a dystopia similar to Fahrenheit 451 where the only safe data is what you have memorized and NOT committed to storage. From the Wikipedia plot summary: “Fahrenheit 451 takes place in an unspecified future time in a hedonistic and rabidly anti-intellectual America that has completely abandoned self-control, filled with lawlessness in the streets, from teenagers crashing cars into people to firemen at Montag’s station who set their mechanical hound to hunt various animals for the simple and grotesque pleasure of watching them die. Anyone caught reading books is, at the minimum, confined to a mental hospital while the books are burned. Illegal books mainly include famous works of literature, such as Whitman and Faulkner, as well as The Bible, and all historical texts.”

The Future’s So Bright, I Gotta Wear Shades.

image: Slashdot

• most malware infections (93%) occur on home users’ computers
• around one in four personal computers in the US – or 59 million – is already infected with malware
• a botnet — can now be rented for as little as as 33 cents per machine
• [criminals use t]hese [zombie] machines to send out roughly 80% of all spam
  and to attack commercial websites and other internet-linked systems with meaningless traffic as part of extortion schemes

Folks, it’s your fault (or about 25% of you, anyway) for not keeping your machines safe. Fix the damn things, or turn them off!

h/t: Mountains of Malware, Technocrat
image: Uncle Sam (pointing finger).jpg, Wikimedia Commons

Imagine the scenario at some other checkpoint: “But Officer, I have no idea how that got in my luggage! Oh, wait … I bet Tokyo Customs put it there! Yeah, that’s it!” Shortly after that you hear an officer’s cynical laugh and the click of handcuffs on your wrists.

image: Marijuana.jpg, Wikipedia Commons
h/t: Greg Laden, Science Blogs

Using receivers deployed throughout a building. the system tracks handsets via triangulation. It’s accurate to within a few feet, enough to tell which individual stores are visited, and for how long.

The system tracks phones by the unique IMEI code, so technically[1] no personal information is gathered. The surveillance system simply monitors the radio traffic from handsets directly, not going through the phone network.

But actually there are two sets of data:

* Shopping mall: IMEI -> anonymous shopping spree
* Phone company: IMEI -> particular customer[2]

It’s only a SMOP to tie these two data sets together. Not that anyone (or any company (or any organization)) would ever have access to both sets of data. Don’t even think that. It could never happen. After all, there are rules.

Among other fascinating details, the article says, “Sharon Biggar, [Path Intelligence]‘s chief operating officer, said that one of the stores which had already deployed the receivers did not want its name revealed for fear of alarming its customers.”

Are you afraid of alarming your customers? I think that is called a clue.

[1] Technically: A noise-word that’s meant to alleviate fear and suspicion. Contrast with practically or reality.
[2] Technically, the IMEI isn’t tied to the customer, but many network and feature sets require them to be correlated.

A meat producer wanted to do its own tests for BSE, primarily so it could sell overseas, but the USDA forbids it. A government attorney argued that it could hurt the U.S. cattle industry.

But only a tiny fraction of US cattle is tested and the cattle industry has strenuously resisted any calls for better coverage. You would think that an enterprising meatpacker would test their own products and market it as safe, thus gaining a competitive advantage, especially in export markets highly sensitive to the BSE problem, like Japan. You would be wrong. Not because it isn’t a good idea but because the US Department of Agriculture (USDA) forbids the practice. We’ve discussed it three times here in the context of a Kansas company trying to test its own cattle and being told it cannot.

–Now keeping us safe is illegal, too, Effect Measure

That reminded me of the “sensor permits” legislation that was under discussion in New York in early 2008.

At the suggestion of the federal Department of Homeland Security, New York City Council members have drafted legislation requiring anyone who has or uses a detector that measures chemical, biological or radioactive agents to get a license from the Police Department.

–Chillrud, O’Mullan, McGillis; Sensor Deprivation; New York Times