Category Archives: security

Switching people off

A very interesting development has been reported in the discovery of how consciousness works, where neuroscientists stimulating a particular brain region were able to switch a woman’s state of awareness on and off. They said: “We describe a region in the human brain where electrical stimulation reproducibly disrupted consciousness…”

http://www.newscientist.com/article/mg22329762.700-consciousness-onoff-switch-discovered-deep-in-brain.html.

The region of the brain concerned was the claustrum, and apparently nobody had tried stimulating it before, although Francis Crick and Christof Koch had suggested the region would likely be important in achieving consciousness. Apparently, the woman involved in this discovery was also missing some of her hippocampus, and that may be a key factor, but they don’t know for sure yet.

Mohamed Koubeissi and his the team at the George Washington university in Washington DC were investigating her epilepsy and stimulated her claustrum area with high frequency electrical impulses. When they did so, the woman lost consciousness, no longer responding to any audio or visual stimuli, just staring blankly into space. They verified that she was not having any epileptic activity signs at the time, and repeated the experiment with similar results over two days.

The team urges caution and recommends not jumping to too many conclusions. They did observe the obvious potential advantages as an anesthesia substitute if it can be made generally usable.

As a futurologist, it is my job to look as far down the road as I can see, and imagine as much as I can. Then I filter out all the stuff that is nonsensical, or doesn’t have a decent potential social or business case or as in this case, where research teams suggest that it is too early to draw conclusions. I make exceptions where it seems that researchers are being over-cautious or covering their asses or being PC or unimaginative, but I have no evidence of that in this case. However, the other good case for making exceptions is where it is good fun to jump to conclusions. Anyway, it is Saturday, I’m off work, so in the great words of Dr Emmett Brown in ‘Back to the future':  “Well, I figured, what the hell.”

OK, IF it works for everyone without removing parts of the brain, what will we do with it and how?

First, it is reasonable to assume that we can produce electrical stimulation at specific points in the brain by using external kit. Trans-cranial magnetic stimulation might work, or perhaps implants may be possible using injection of tiny particles that migrate to the right place rather than needing significant surgery. Failing those, a tiny implant or two via a fine needle into the right place ought to do the trick. Powering via induction should work. So we will be able to produce the stimulation, once the sucker victim subject has the device implanted.

I guess that could happen voluntarily, or via a court ordered protective device, as a condition of employment or immigration, or conditional release from prison, or a supervision order, or as a violent act or in war.

Imagine if government demands a legal right to access it, for security purposes and to ensure your comfort and safety, of course.

If you think 1984 has already gone too far, imagine a government or police officer that can switch you off if you are saying or thinking the wrong thing. Automated censorship devices could ensure that nobody discusses prohibited topics.

Imagine if people on the street were routinely switched off as a VIP passes to avoid any trouble for them.

Imagine a future carbon-reduction law where people are immobilized for an hour or two each day during certain periods. There might be a quota for how long you are allowed to be conscious each week to limit your environmental footprint.

In war, captives could have devices implanted to make them easy to control, simply turned off for packing and transport to a prison camp. A perimeter fence could be replaced by a line in the sand. If a prisoner tries to cross it, they are rendered unconscious automatically and put back where they belong.

Imagine a higher class of mugger that doesn’t like violence much and prefers to switch victims off before stealing their valuables.

Imagine being able to switch off for a few hours to pass the time on a long haul flight. Airlines could give discounts to passengers willing to be disabled and therefore less demanding of attention.

Imagine  a couple or a group of friends, or a fetish club, where people can turn each other off at will. Once off, other people can do anything they please with them – use them as dolls, as living statues or as mannequins, posing them, dressing them up. This is not an adult blog so just use your imagination – it’s pretty obvious what people will do and what sorts of clubs will emerge if an off-switch is feasible, making people into temporary toys.

Imagine if you got an illegal hacking app and could freeze the other people in your vicinity. What would you do?

Imagine if your off-switch is networked and someone else has a remote control or hacks into it.

Imagine if an AI manages to get control of such a system.

Having an off-switch installed could open a new world of fun, but it could also open up a whole new world for control by the authorities, crime control, censorship or abuse by terrorists and thieves and even pranksters.

 

 

Google is wrong. We don’t all want gadgets that predict our needs.

In the early 1990s, lots of people started talking about future tech that would work out what we want and make it happen. A whole batch of new ideas came out – internet fridges, smart waste-baskets, the ability to control your air conditioning from the office or open and close curtains when you’re away on holiday. 25 years on almost and we still see just a trickle of prototypes, followed by a tsunami of apathy from the customer base.

Do you want an internet fridge, that orders milk when you’re running out, or speaks to you all the time telling you what you’re short of, or sends messages to your phone when you are shopping? I certainly don’t. It would be extremely irritating. It would crash frequently. If I forget to clean the sensors it won’t work. If I don’t regularly update the software, and update the security, and get it serviced, it won’t work. It will ask me for passwords. If my smart loo notices I’m putting on weight, the fridge will refuse to open, and tell the microwave and cooker too so that they won’t cook my lunch. It will tell my credit card not to let me buy chocolate bars or ice cream. It will be a week before kitchen rage sets in and I take a hammer to it. The smart waste bin will also be covered in tomato sauce from bean cans held in a hundred orientations until the sensor finally recognizes the scrap of bar-code that hasn’t been ripped off. Trust me, we looked at all this decades ago and found the whole idea wanting. A few show-off early adopters want it to show how cool and trendy they are, then they’ll turn it off when no-one is watching.

EDIT: example of security risks from smart devices (this one has since been fixed) http://www.bbc.co.uk/news/technology-28208905

If I am with my best friend, who has known me for 30 years, or my wife, who also knows me quite well, they ask me what I want, they discuss options with me. They don’t think they know best and just decide things. If they did, they’d soon get moaned at. If I don’t want my wife or my best friend to assume they know what I want best, why would I want gadgets to do that?

The first thing I did after checking out my smart TV was to disconnect it from the network so that it won’t upload anything and won’t get hacked or infected with viruses. Lots of people have complained about new adverts on TV that control their new xBoxes via the Kinect voice recognition. The ‘smart’ TV receiver might be switched off as that happens. I am already sick of things turning themselves off without my consent because they think they know what I want.

They don’t know what is best. They don’t know what I want. Google doesn’t either. Their many ideas about giving lots of information it thinks I want while I am out are also things I will not welcome. Is the future of UI gadgets that predict your needs, as Wired says Google thinks? No, it isn’t. What I want is a really intuitive interface so I can ask for what I want, when I want it. The very last thing I want is an idiot device thinking it knows better than I do.

We are not there yet. We are nowhere near there yet. Until we are, let me make my own decisions. PLEASE!

Limits of ISIS terrorism in the UK

This is the 3rd article in my short series trying to figure out the level of terrorist danger ISIS poses in the UK, again comparing them with the IRA in the Northern Ireland ‘troubles’. (ISIS = Islamic State of Iraq and al-Sham. IRA = Irish Republican Army). I don’t predict the level it will actually get to, which depends on too many factors, only the limits if everything goes their way.

http://timeguide.wordpress.com/2014/06/22/isis-comparison-with-the-ira-conflict/ discussed the key difference, that ISIS is a religious group and the IRA was a nationalist one.

http://timeguide.wordpress.com/2014/06/25/a-pc-roost-for-terrorist-chickens/ then discusses the increased vulnerability in the UK now thanks to ongoing political correctness.

IRA

Wikipedia says: The Provisional IRA’s armed campaign, primarily in Northern Ireland but also in England and mainland Europe, caused the deaths of approximately 1,800 people. The dead included around 1,100 members of the British security forces, and about 640 civilians.

It also gives a plausible estimate of the number of its members :

By the late 1980s and early 1990s, it was estimated that in the late 1980s the IRA had roughly 300 members in Active Service Units and about another 450 serving in supporting roles [such as "policing" nationalist areas, intelligence gathering, and hiding weapons.]

Sinn Fein, (which was often called the IRA’s ‘political wing’) managed to get 43% support from the nationalist community at its peak in 1981 after the hunger strikes. Provisional IRA approval ratings sat at around 30%. Supporting violence is not the same as supporting use of political means – some want to fight for a cause but won’t do so using violence. That 30% yields an IRA supporter population of around 75,000 from 245,000 nationalist voters. So, from a supporter population of 75,000, only 300 were in IRA active service units and 450 in supporting roles at any particular time, although thousands were involved over the whole troubles. That is a total of only 1% of the relevant population from which they were drawn – those who supported violent campaigns. Only 0.4% were in active service units, i.e actual terrorists. That is an encouragingly small percentage.

ISIS

Government estimate of the number of young men from the UK that went overseas to fight with ISIS is around 500. According to a former head of MI6, 300 have returned already. Some of those will be a problem and some will have lost sympathy with the cause, just as some men joined the IRA and later left, all the way through the troubles. Some will not have gone overseas and therefore can’t be identified and tracked the same way. Over time, ISIS will attempt to recruit more to the cause, and some will drop out. I can’t find official estimates of numbers but there are ways of making such estimates.

Building on Paddy Ashdown’s analogy with the IRA, the same kinds of young men will join ISIS as those who joined the IRA – those with no hope of status or fame or glory from their normal lives who want to be respected and be seen as heroic rebel fighters by holding a weapon, who are easy prey for charismatic leaders with exciting recruitment campaigns. The UK Muslim young men community faces high unemployment.

ISIS draws its support from the non-peace-loving minority of the Muslim community. Citing Wikipedia again, a Pew Research Centre poll showed 72% of Muslims worldwide said violence against civilians is never justified, surprisingly similar to the equivalent 70% found in the Nationalist community in Northern Ireland. They also found in the US and UK that over 1 in 4 Muslims think suicide bombing is sometimes justified, not very different from the world-wide level. (A 2006 survey by NOP found that only 9% of UK Muslims supported violence. Whether attitudes have changed or it is just the way questions are asked is anyone’s guess; for now, I’ll run with both, the calculations are easy.

The 25-30% figures are similar to the situation in Northern Ireland in spite of quite different causes. I lived a third of my life in Belfast and I don’t think the people there generally are any less civilized than people here in England. Maybe it’s just human nature that when faced with a common grievance, 25-30% of us will consider that violence is somewhat acceptable against civilians and support a sub-population of 0.4% terrorists fighting on our behalf.

On the other hand, the vast majority of 70%+ of us are peace-loving. A glass half full or half empty, take your pick.

The UK Muslim community is around 3 million, similar to the USA in fact. 28% of that yields a potential supporter population of  840,000. The potential terrorist 1% of that is 8,400 and 0.4% is 3,360.  If we’re optimistic and take NOP’s 2006 figure of 9% supporting violence, then 270,000 people would be supporting 1080 terrorists if the right terrorist group were to appear in the right circumstances with the right cause and the right leaders and good marketing and were to succeed in its campaigning. That puts an upper limit for extreme Islamist terrorism in the UK at between 3 and 11 times as big as the IRA was at its peak if everything goes its way.

However, neither is the actual number of UK ISIS terrorists, only the potential number of terrorists available if the cause/motivation is right, if the community buys into it, if the ISIS leaders are charismatic, and if they do their marketing well in their catchment communities. So far, 500 have emerged and actually gone off to fight with ISIS, 300 have returned. We don’t know how many stayed here or are only thinking of joining up, or aren’t even thinking of it but might, and we don’t know what will happen that might aggravate the situation and increase recruitment. We don’t know how many will try to come here that aren’t from the UK. There are plenty of ‘known unknowns’.

Some of the known unknowns  are good ones though – it isn’t all scary. In the Middle East, ISIS has clear objectives and controls cities, arms and finance. They say they want to cause problems here too, but they’re a bit busy right now, they don’t have a clear battle to fight here, and most of all our Muslim community doesn’t want to be the source of large scale terrorism so isn’t likely to be cooperative with such an extremist and barbaric group as ISIS. Their particular style of barbarism and particularly extremist views are likely to put off many who might consider supporting another extremist Islamist group. There also isn’t an easy supply of weapons here. All these work in our favor and will dampen ISIS efforts.

So the magnitude of the problem will come down to the relative efforts of our security forces, the efforts of the peace-loving Muslim majority to prevent young men being drawn towards extremism, and the success of ISIS marketing and recruitment. We do know that we do not want 3,360 home-grown ISIS terrorists wandering around the UK, or a similar number in the USA.

Finally, there are two sides to every conflict. ISIS terrorism would likely lead to opposing paramilitary groups. As far as their potential support base goes, ‘Far right’ parties add up to about 2%, about 1.25 million, but I would guess that a much higher proportion of an extremist group supports violence than the general population, so some hand-waving suggests that a similarly sized opposition supporter population terrorist group is not unlikely. We know from elsewhere in Ireland and other EU countries that that 2% could grow to the 25-30% we saw earlier if our government really loses control. In the USA, the catchment group on the ISIS side is still only the same size as the UK, but the potential armed resistance to them is far greater.

In summary, ISIS is potentially a big problem, with 300 home grown potential ISIS terrorists already here in the UK and trained, hundreds being trained overseas and an unknown quantity not yet on the radar. If all goes badly, that could grow to between 1000 and over 3000 active terrorists, compared to the IRA which typically only had 300 active terrorists at a time. Some recent trends have made us much more vulnerable, but there are also many other that lean against ISIS success.

I have a lot of confidence in our intelligence and security forces, who have already prevented a great many potential terrorist acts. The potential magnitude of the problem will keep them well-motivated for quite a while. There is a lot at stake, and ISIS must not get UK terrorism off the ground.

 

A PC roost for terrorist chickens

Political correctness as a secular religion substitute

Being politically correct makes people feel they are good people. It provides a secular substitute for the psychological rewards people used to get from being devoutly religious, a self-built pedestal from which to sneer down on others who are not compliant with all the latest politically correct decrees. It started out long ago with a benign goal to protect abused and vulnerable minorities, but it has since evolved and mutated into a form of oppression in its own right. Surely we all want to protect the vulnerable and all want to stamp out racism, but political correctness long left those goals in the dust. Minorities are often protected without their consent or approval from things they didn’t even know existed, but still have to face any consequent backlash when they are blamed. Perceived oppressors are often victimized based on assumptions, misrepresentations and straw man analyses rather than actual facts or what they actually said. For PC devotees, one set of prejudices and bigotry is simply replaced by another. Instead of erasing barriers within society, political correctness often creates or reinforces them.

Unlike conventional religion, which is largely separated from the state and allows advocates to indulge with little effect on others, political correctness has no such state separation, but is instead deeply integrated into politics, hence its name. It often influences lawmakers, regulators, the media, police and even the judiciary and thereby incurs a cost of impact on the whole society. The PC elite standing on their pedestals get their meta-religious rewards at everyone’s expense, usually funded by the very taxpayers they oppress.

Dangers

Political correctness wouldn’t exist if many didn’t want it that way, but even if the rest of us object to it, it is something we have learned to live with. Sometimes however, denial of reality, spinning reasoning upside down or diverting attention away from unpleasant facts ceases to be just irritating and becomes dangerous. Several military and political leaders have recently expressed grave concerns about our vulnerability to a new wave of terrorism originating from the current Middle East problems. Even as the threat grows, the PC elite try to divert attention to blaming the West, equating moralities and cultural values and making it easier for such potential terrorism to gestate. There are a number of trends resulting from PC and together they add to the terrorist threats we’re currently facing while reducing our defenses, creating something of a perfect storm. Let’s look at some dangers that arise from just three PC themes – the worship of diversity, the redefining of racism, and moral equivalence and see some of the problems and weaknesses they cause. I know too little about the USA to make sensible comment on the exact situation there, but of course they are also targets of the same terrorist groups. I will talk about the UK situation, since that is where I live.

Worship of diversity

In the UK, the Labour Party admitted that they encouraged unchecked immigration throughout their time in power. It is now overloading public services and infrastructure across the UK, and it was apparently done ‘to rub the Conservatives’ noses in diversity’ (as well as to increase Labour supporter population). With EC policy equally PC, other EU countries have had to implement similar policies. Unfortunately, in their eagerness to be PC, neither the EC nor Labour saw any need to impose any limits or even a points system to ensure countries get the best candidates for their needs.

In spite of the PC straw man argument that is often used, the need for immigration is not in dispute, only its magnitude and sources. We certainly need immigration and most immigrants are just normal people just looking for a better life in the UK or refugees looking for safety from overseas conflicts. No reasonable person has any problem with immigration per se, nor the color of the immigrants, but any debate about immigration only last seconds before someone PC throws in accusations of racism, which I’ll discuss shortly. I think I am typical of most British people in being very happy to have people of all shades all around me, and would defend genuine efforts to win equality, but I still think we should not allow unlimited immigration. In reality, after happily welcoming generations of immigrants from diverse backgrounds, what most people see as the problem now is the number of people immigrating and the difficulties it makes for local communities to accommodate and provide services and resources for them, or sometimes even to communicate with them. Stresses have thus resulted from actions born of political correctness that was based on a fallacy, seeking to magnify a racism problem that had almost evaporated. Now that PC policy has created a situation of system overload and non-integration, tensions between communities are increasing and racism is likely to resurface. In this case, PC has already backfired, badly. Across the whole of Europe, the consequences of political correctness have led directly to increased polarization and the rise of extremist parties. It has achieved the exact opposite of the diversity utopia it originally set out to achieve. Like most British, I would like to keep racism consigned to history, but political correctness is resurrecting it.

There are security problems too. A few immigrants are not the nice ordinary people we’d be glad to have next door, but are criminals looking to vanish or religious extremists hoping to brainwash people, or terrorists looking for bases to plan future operations and recruit members. We may even have let in a few war criminals masquerading as refugees after their involvement in genocides. Nobody knows how many less-than-innocent ones are here but with possibly incompetent and certainly severely overworked border agencies, at least some of the holes in the net are still there.

Now that Edward Snowden has released many of the secrets of how our security forces stay on top of terrorism and the PC media have gleefully published some of them, terrorists can minimize their risk of being caught and maximize the numbers of people harmed by their activities. They can also immigrate and communicate more easily.

Redefining Racism

Racism as originally defined is a mainly historic problem in the UK, at least from the host community (i.e. prejudice, discrimination, or antagonism directed against someone of a different race based on the belief that one’s own race is superior). On that definition I have not heard a racist comment or witnessed a racist act against someone from an ethnic minority in the UK for well over a decade (though I accept some people may have a different experience; racism hasn’t vanished completely yet).

However, almost as if the main purpose were to keep the problem alive and protect their claim to holiness, the politically correct elite has attempted, with some legal success, to redefine racism from this ‘treating people of different race as inferior’, to “saying anything unfavorable, whether factual or not, to or about anyone who has a different race, religion, nationality, culture or even accent, or mimicking any of their attributes, unless you are from a protected minority. Some minorities however are to be considered unacceptable and not protected”. Maybe that isn’t how they might write it, but that is clearly what they mean.

I can’t buy into such a definition. It hides true racism and makes it harder to tackle. A healthy society needs genuine equality of race, color, gender, sexuality and age, not privileges for some and oppression for others.

I don’t believe in cultural or ideological equality. Culture and ideology should not be entitled to the same protection as race or color or gender. People can’t choose what color or nationality they were born, but they can choose what they believe and how they behave, unless oppression genuinely prevents them from choosing. We need to clearly distinguish between someone’s race and their behavior and culture, not blur the two. Cultures are not equal. They differ in how they treat people, how they treat animals, their views on democracy, torture, how they fight, their attitudes to freedom of speech and religion. If someone’s religion or culture doesn’t respect equality and freedom and democracy, or if it accepts torture of people or animals, or if its fighters don’t respect the Geneva Convention, then I don’t respect it; I don’t care what color or race or nationality they are.

Opinions are not all equally valid either. You might have an opinion that my art is every bit as good as Monet’s and Dali’s. If so, you’re an idiot, whatever your race or gender.

I can criticize culture or opinion or religion without any mention of race or skin color, distinguishing easily between what is inherited and what is chosen, between body and mind. No big achievement; so can most people. We must protect that distinction. If we lose that distinction between body and mind, there can be no right and wrong, and no justice. If you have freedom of choice, then you also have a responsibility for your choice and you should accept the consequences of that choice. If we can accept a wrong just because it comes from someone in a minority group or is approved of by some religion, how long will it be before criminals are considered just another minority? A recent UK pedophile scandal involved senior PC politicians supporting a group arguing for reduction of the age of consent to 10 and decriminalization of sex with young children. They didn’t want to offend the minority group seeking it, that wouldn’t have been politically correct enough. Although it was a long time ago, it still shows that it may only be a matter of time before being a pedophile is considered just another lifestyle choice, as good as any other. If it has happened once, it may happen again, and the PC climate next time might let it through.

Political correctness prevents civilized discussion across a broad field of academic performance, crime, culture and behavior and therefore prevents many social problems from being dealt with. The PC design of ‘hate crime’ with deliberately fuzzy boundaries generates excess censorship by officialdom and especially self-censorship across society due to fear of false accusation or accidentally falling foul of it. That undermines communication between groups and accelerates tribal divisions and conflict. Views that cannot be voiced can still exist and may grow more extreme and when finally given an outlet, may cause far greater problems.

PC often throws up a self-inflicted problem when a member of a minority group does or says something bad or clearly holds views that are also politically incorrect. PC media tries to avoid reporting any such occurrences, usually trying to divert attention onto another topic and accusing any other media that does deal with it of being racist or use their other weapon, the ad-hom attack. If they can’t avoid reporting it, they strenuously avoid any mention of the culprit’s minority group and if they can’t do that, will search for some way to excuse it, blame it on someone else or pretend it doesn’t matter. Although intended to avoid feeding racism, this makes it more difficult to get the debate necessary and can even increase suspicion of cover-ups and preferential treatment.

Indeed accusations of racism have become a powerful barrier to be thrown up whenever an investigation threatens to uncover any undesirable activity by a member of any ethnic or national minority and even more-so if a group is involved. For example, the authorities were widely accused of racism for investigating the ‘Trojan Horse’ stories, in a city that has already produced many of the recent UK additions to ISIS. Police need to be able to investigate and root out activities that could lead to more extremism and especially those that might be brainwashing kids for terrorism. A police force now terrified of being accused of being institutionally racist is greatly impeded when the race card is played. With an ever-expanding definition, it is played more and more frequently.

Moral relativism

It is common on TV to see atrocities by one side in overseas conflicts being equated to lesser crimes by the other. In fact, rather than even declaring equivalence, PC moral equivalence seemingly insists that all moral judgments are valued in inverse proportion to their commonality with traditional Western values. At best it often equates things from either side that really should not be equated. This creates a highly asymmetric playing field that benefits propaganda from terrorist groups and rogue regimes and undermines military efforts to prevent terrorist acts. It also decreases resistance to views and behaviors that undermine existing values while magnifying any grievance against the West.

PC media often gives a platform to extremists hoping to win new recruits, presumably so they can pretend to be impartial. While our security forces were doing their best to remove recruitment propaganda from the web, some TV news programs gleefully gave them regular free air time. Hate preachers have often been given lengthy interviews to put their arguments across.

The West’s willingness to defend itself is already greatly undermined after decades of moral equivalence eating away at any notion that we have something valuable or special to defend. Fewer and fewer people are prepared to defend our countries or our values against those who wish to replace liberal democracy with medieval tyranny. Our armies fight with threats of severe legal action and media spotlights highlighting every misjudgment on our side, while fighting against those who respect no such notions of civilized warfare.

Summary

Individually, these are things we have learned to live with, but added together, they put the West at a huge disadvantage when faced with media-savvy enemies such as ISIS. We can be certain that ISIS will make full use of each and every one of these PC weaknesses in our cultural defense. The PC chickens may come home to roost.

 

 

ISIS. Comparison with the IRA conflict

Paddy Ashdown just tweeted:

Young UK Muslims joining ISIS; no more typical of islam than young Catholic men joining the IRA, was typical of Catholocism.

It is very rare for me to tweet at politicians, but I think he is partly wrong this time (ignoring the twittery typos). So I responded, to the wrong bit.

IRA was drawn from IRISH Catholics for whom Ireland, not religion was their banner. ISIS is religious not geographic campaign.

I’ll also pick up on where he was right later. Paddy Ashdown is a brave ex-soldier, one of the elite. I normally listen carefully to what he says on TV, and he often makes a very good case, but he makes errors just like the rest of us, and has tinted glasses just like the rest of us. Occasionally he changes my mind on something, which is fine. However, it is a common misunderstanding among the British that the Northern Ireland ‘troubles’ were about religion. It was certainly a tribal conflict but it had mixed motivations. As an English Catholic living there through the troubles, changing religion and marrying across the divide, I got flak occasionally on both religion and nationality, but never any serious harm.

The IRA was fighting for a United Ireland, and drew its members and supporters from the Irish nationalist community, almost 100% of whom were Roman Catholic. Doubtless a few of the boys who joined up thought they were doing so to defend Catholics against protestants, but that wasn’t actually what the IRA stood for. The UDA and UVF drew their support from the protestant community, again with a mixed and variable brief of defending Protestantism, defending Ulster and keeping Northern Ireland British. The protestant community mostly descended from Scottish Presbyterians. The troubles were part sectarian and part about nationality, sovereignty and tribal descent. Because there was so much commonality of religious affiliation and being British or Irish, it often did degenerate into simple sectarianism, but that was never its primary driving force, which was whether Northern Ireland should remain British or revert to being part of a united Ireland. That is where Ashdown is wrong. ISIS may have its roots and some major goals in a geographic region but fundamentally it wants to further its cause of extreme Islamism as globally as it can, drawing its members from as wide an area as it can and to fight globally as far as it can. It is religious, not nationalist in its primary motivation.

Now to where Ashdown is right. The IRA and ISIS both draw their members from young men, easy to influence, and both organisations were good at marketing, motivating those young men to recruit and instilling fervor when they did. In both cases also, the young men came from a diverse cross section of the community. There were the intellectual types who had analysed it all and strongly bought in to the cause, and there were the less intellectual types who understood a more simplified message but really just wanted to be somebody, coming from areas offering little or no chance of life success or and chance of status, for whom picking up an Armalite of Kalashnikov rifle would make them someone, create at least the illusion of having respect and status.

The sorts of young men joining ISIS are probably doing so for diverse reasons too, but in their case, even the simplified messages are religious. A few will have fully understood and internalized the cause, many will have understood a very simplified message of doing their bit to defend Islam or Allah and becoming a martyr, but most probably just want to be someone, to have some status and respect. Sadly, very many of the young men joining ISIS will not fully understand what they are getting into or what they are meant to be fighting for. In that sense they are like the few young men who joined the IRA to defend Catholics against Protestants.

We may see this conflict coming to the UK. Our security forces expect people to try hard to make that happen, so they are on the case. Whether and to what degree they succeed we will see. If ISIS do manage to achieve some UK terrorism, we’re likely to see opposing paramilitary groups develop and grow. We’re already seeing a few contenders eager to size that role. If it gets badly out of control, it is possible that a Northern Ireland style conflict could result with extremist groups fighting against each other. The civilian population would be in the line of fire from both sides. Deaths would encourage young people to join up to have the chance to be heroes, and views can harden quickly, increasing the support base and the size of the community from which recruits can be drawn. In Northern Ireland, only a small number of men joined up to fight in the IRA, INLA, UDA or UVF, but there was a large community support behind them, which was occasionally estimated at around the 30% mark.

Our security forces know this risk and are doing their best to avoid it, taking down recruitment sites as fast as they can and trying to police movement across our borders. ISIS have also shown that they are good at the marketing side, managing to get lengthy adverts for their recruitment messages almost nightly on alarmingly cooperative national TV news programs. These news programs are helping to make it as seemingly cool and heroic to join ISIS as it ever was to join the IRA or its opposition. Terrorism can’t flourish without publicity, but these channels seem determined to give them it.

There’s another difference from the conflict in Northern Ireland. The paramilitaries in Northern Ireland didn’t normally decapitate their victims, and normally they would issue warnings before a bombing. ISIS make them look almost civilized.

As an after-thought, has the war on terrorism just mutated into a war on horrorism?

 

 

Time – The final frontier. Maybe

It is very risky naming the final frontier. A frontier is just the far edge of where we’ve got to.

Technology has a habit of opening new doors to new frontiers so it is a fast way of losing face. When Star Trek named space as the final frontier, it was thought to be so. We’d go off into space and keep discovering new worlds, new civilizations, long after we’ve mapped the ocean floor. Space will keep us busy for a while. In thousands of years we may have gone beyond even our own galaxy if we’ve developed faster than light travel somehow, but that just takes us to more space. It’s big, and maybe we’ll never ever get to explore all of it, but it is just a physical space with physical things in it. We can imagine more than just physical things. That means there is stuff to explore beyond space, so space isn’t the final frontier.

So… not space. Not black holes or other galaxies.

Certainly not the ocean floor, however fashionable that might be to claim. We’ll have mapped that in details long before the rest of space. Not the centre of the Earth, for the same reason.

How about cyberspace? Cyberspace physically includes all the memory in all our computers, but also the imaginary spaces that are represented in it. The entire physical universe could be simulated as just a tiny bit of cyberspace, since it only needs to be rendered when someone looks at it. All the computer game environments and virtual shops are part of it too. The cyberspace tree doesn’t have to make a sound unless someone is there to hear it, but it could. The memory in computers is limited, but the cyberspace limits come from imagination of those building or exploring it. It is sort of infinite, but really its outer limits are just a function of our minds.

Games? Dreams? Human Imagination? Love? All very new agey and sickly sweet, but no. Just like cyberspace, these are also all just different products of the human mind, so all of these can be replaced by ‘the human mind’ as a frontier. I’m still not convinced that is the final one though. Even if we extend that to greatly AI-enhanced future human mind, it still won’t be the final frontier. When we AI-enhance ourselves, and connect to the smart AIs too, we have a sort of global consciousness, linking everyone’s minds together as far as each allows. That’s a bigger frontier, since the individual minds and AIs add up to more cooperative capability than they can achieve individually. The frontier is getting bigger and more interesting. You could explore other people directly, share and meld with them. Fun, but still not the final frontier.

Time adds another dimension. We can’t do physical time travel, and even if we can do so in physics labs with tiny particles for tiny time periods, that won’t necessarily translate into a practical time machine to travel in the physical world. We can time travel in cyberspace though, as I explained in

http://timeguide.wordpress.com/2012/10/25/the-future-of-time-travel-cheat/

and when our minds are fully networked and everything is recorded, you’ll be able to travel back in time and genuinely interact with people in the past, back to the point where the recording started. You would also be able to travel forwards in time as far as the recording stops and future laws allow (I didn’t fully realise that when I wrote my time travel blog, so I ought to update it, soon). You’d be able to inhabit other peoples’ bodies, share their minds, share consciousness and feelings and emotions and thoughts. The frontier suddenly jumps out a lot once we start that recording, because you can go into the future as far as is continuously permitted. Going into that future allows you to get hold of all the future technologies and bring them back home, short circuiting the future, as long as time police don’t stop you. No, I’m not nuts – if you record everyone’s minds continuously, you can time travel into the future using cyberspace, and the effects extend beyond cyberspace into the real world you inhabit, so although it is certainly a cheat, it is effectively real time travel, backwards and forwards. It needs some security sorted out on warfare, banking and investments, procreation, gambling and so on, as well as lot of other causality issues, but to quote from Back to the Future: ‘What the hell?’ [IMPORTANT EDIT: in my following blog, I revise this a bit and conclude that although time travel to the future in this system lets you do pretty much what you want outside the system, time travel to the past only lets you interact with people and other things supported within the system platform, not the physical universe outside it. This does limit the scope for mischief.]

So, time travel in fully networked fully AI-enhanced cosmically-connected cyberspace/dream-space/imagination/love/games would be a bigger and later frontier. It lets you travel far into the future and so it notionally includes any frontiers invented and included by then. Is it the final one though? Well, there could be some frontiers discovered after the time travel windows are closed. They’d be even finaller, so I won’t bet on it.

 

 

The future of tolerance and equality

It’s amusing how words often mean the opposite of what they should intuitively mean. It started in trendy-speak when hot came to mean exactly the same as cool, when cool was still a word that was trendy. Wicked means good. Bad means good. Evil means good. Sick means good. Good no longer means good, but has been demoted and now means just about OK, but nothing special – that would be bad or wicked or sick.

The trouble is that it isn’t just children making their own words to rebel against authority. Adults abuse language too, and in far less innocent ways. People’s minds are structured using words, and if you can bend the meaning of a word after those concepts have been assembled, all the concepts built using that word will change too. So, fair sounds a nice sort of word; we all want everything to be fair; so if you can gain control of its meaning and bend it towards your campaign goal, you gain the weight of its feel-good factor and its pleasant associations. Supporting that goal then makes you feel a better sort of person, because it is fair. Unfortunately, ‘fair’ has been perverted to mean resource distribution where your supporters take as big a slice of the pie as possible. Ditto equality. It sounds good, so if you can spin your presentation to make your campaign for superiority appear as if you want everyone to be equal, you can get an Orwellian, Animal Farmy sort of support for it, with your pressure group becoming more equal than others. But then ‘equality’ really means everyone except you being oppressed.

As in Nineteen-eighty-four, Orwell’s Animal Farm was really observations on the politics of his day,  and how language is so easily subverted for political advantage, but marketing and politics techniques have only refined since then. The desire to win power and to use words to do so hasn’t gone away. I think our world today is closer to Orwell’s 1984 than most people want to believe. Censorship is a primary tool of course. Preventing discussion in entire fields of science, culture and politics is an excellent way of stopping people thinking about them. Censorship as a device for oppression and control is as powerful as any propaganda. When censorship isn’t appropriate, the use of words that mean the opposite of what they describe is a good way to redecorate an image to make it more appealing and spin doctors are ubiquitous in politics. A ‘liberal’ sounds like someone who supports freedom, but is actually someone who wants more things to be controlled by the state, with more regulation, less freedom. A ‘democrat’ sounds like it should describe someone who wants everyone to have an equal say but is often someone who wants dictatorship by their supporters and oppression of others. ‘Racist’ used to mean someone who considers people of one skin colour to be superior to those of another, so became a word no reasonable person wants thrown at them, but because it was so powerful a weapon, it has been mutated endlessly until it has become synonymous with ‘nationalist’. It is most often cited now when skin colour is the same and only culture or religion or nationality or even accent is different. Such is the magnitude of the language distortion that in the UK’s recent immigration debates, Europhiles who want to protect immigration privileges for white Europeans over Indians or Chinese or Africans were calling those who want to remove those privileges racist. A Conservative minister used the farcical argument that trying to limit European immigration is racist even though they are the same colour because it would be racist if they were black. This language perversion makes it much harder to eliminate genuine skin colour racism, which is still a significant problem. Racism flourishes. The otherwise intensely politically correct BBC’s Dr Who frequently features the hero or his allies making deeply offensive racist-like remarks about other species with different shapes. People and organisations that are certain of their own holiness often are the most prejudiced, but their blinkers are so narrowly aimed they just cant see it. That blindness now pervades our society.

It is tolerance and equality that are the biggest and most dangerous casualties of this word war. ‘Tolerant’ has evolved to mean extremely intolerant of anyone who doesn’t adopt the same political correctness and this new intolerance is growing quickly.  If you or your friends get something, it is a right, and removing it is a tax, but if the other lot get it, it is a privilege that ‘fairness’ demands should be removed. People will happily accuse an entire group of people of being highly prejudiced, without realizing that such a statement is prejudiced itself. It is common to watch debates where contributors make the most offensive remarks about people who they see as beneath contempt because they hold some much lesser prejudice about some group they support. They just don’t see the same trait magnified in themselves. That they don’t see it indicates that they haven’t really thought about it and have just accepted a view from someone or somewhere else, which shows just how powerful changing the words is. It is only when thinking the meaning through that the obvious contradictions appear, but the emotional content and impact of the words is superficial and immediate.

The new variety of militant atheists particularly have become very intolerant of religions because they say they are intolerant. They use the sanctimonious phrase ‘intolerant of intolerance’, but their intolerance is just as bad as that which they condemn. They condemn religious believers for hypocrisy too but are blind to their own which is just as bad. Their religious fervor for their political correctness religion is as distasteful as any medieval religious persecution or inquisition. They may not physically burn people at a stake, but activists do as much damage to a person and their career and destroy their lives as far as they can, whilst believing they are somehow occupying some moral high ground. Religion may be dying out, but the very same nasty behaviors live on, just with different foundations for exactly the same sanctimony. This new politically correct community are just as sure of their 21st century piety as any medieval priest was of theirs, just as quick to look down on all those not sharing the same self-built pedestal, just as quick to run their own inquisitions.

PC activists demand tolerance and equality for their favored victim group and most reasonable people agree with tolerance and equality, but unlike most ordinary decent people, most activists don’t reciprocate it. Hypocrisy reigns, supported by an alarming apparent lack of self awareness. Surely reasonable people should accept others’ right to exist and accept that even if they might not agree with them they can agree to live peacefully alongside, to live and let live, like we used to until recently. Tolerance means putting up with people whose views you detest as well as those you love. Why have they forgotten that? Actually, they haven’t. Lack of self awareness isn’t the cause, not for activists. It isn’t the case that they’ve forgotten we need to get on, they just don’t want to any more. It is no longer a desire for peace and love and equality, but a desire for cultural supremacy and oppression of dissent.

The clue comes as we see that the new vigorous pursuit of ‘equality’  is too often a thinly disguised clamor for privilege, positive discrimination, quotas, special treatment and eventual superiority. That isn’t new of itself – there have always been fights for privilege – but lately it is often accompanied by oppression and vilification of anyone not supporting that particular campaign for privilege. Trying to win the high ground is one thing, but trying to eliminate everyone else from the entire hill is new. It is no longer enough to get equality. All other viewpoints must be eliminated. It isn’t enough that I should win – you must also lose. That which started as a reasonable desire that all should be equal in all ways has somehow mutated into an ugly tribal conflict where every tribe wants exclusive power and extermination of any tribes that don’t support their dictatorship.

This new intolerance is tribal conflict – less violent but every bit as nasty and aggressive, the sort that leads to violence if left unaddressed. It is war without the niceties of the Geneva convention. We see it manifesting itself in every dimension – political affiliation, age, gender, sexuality, race, culture, wealth, religion… It doesn’t use peaceful debate and open discussion and negotiation to get different groups living side by side on an equal basis. Instead, as I hinted in the first paragraph, seizing control over the meanings of words and distorting them is increasingly the weapon of choice to get a win instead of a draw. Mutual respect and the desire to live in peace, to live and let live, each to their own, has been usurped by assertion of superiority and demand for submission.

It has to stop. We must live together in peace, whatever our differing beliefs and attitudes. The nastiness has to go. The assault on language has to stop. We need to communicate and to do so on a level playing field, without censorship and without the insults. We need to assert genuine equality and tolerance, not play games with words. That isn’t some rose-tinted fluffy bunny dream. It is a recognition that the alternative is eventual civil conflict, the Great Western War that I’ve written about before. That won’t be fun.

See also http://timeguide.wordpress.com/2014/02/15/can-we-get-a-less-abusive-society/ and http://timeguide.wordpress.com/2013/12/19/machiavelli-and-the-coming-great-western-war/

 

 

 

 

Crippled by connectivity?

Total interconnection

The android OS inside my Google Nexus tablet terrifies me. I can work it to a point, but it seems to be designed by people who think in a very different way from me and that makes me feel very unsafe when using it. The result is that I only use my tablet for simple browsing of unimportant things such as news, but I don’t use it for anything important. I don’t even have my Google account logged in to it normally and that prevents me from doing quite a lot that otherwise I could.

You may think I am being overly concerned and maybe I am. Cyber-crime is high but not so high that hackers are sitting watching all your computers all day every day for the moment you drop your guard. On the other hand, automation allows computers to try very many computers frequently to see if one is open for attack and I’d rather they attacked someone else’s than mine. I also don’t leave house windows open when I go on holiday just because it is unlikely that burglars will visit my street during that time.

The problem is that there are too many apps that want you to have an account logged in before you can use them. That account often has multiple strands that allow you to buy stuff. Google’s account lets me buy apps and games or magazines on my tablet and I can’t watch youtube or access my email or go on Google+ without logging in to Google and that opens all the doors. Amazon lets me buy all sorts of things, ebay too. If you stay logged in, you can often buy stuff just by clicking a few times, you don’t have to re-enter lots of security stuff each time. That’s great except that there are links to those things in other web pages, lots of different directions by which I may approach that buying potential. Every time you install a new app, it gives you a list of 100 things it wants total authority to do for evermore. How can you possibly keep track of all those? On the good side, that streamlines life, making it easier to do anything, reducing the numbers of hoops you need to jump through to get access to something or buy something. On the bad side, it means there are far more windows and doors to check before you go out. It means you have an open window and all your money lying on the window ledge. It means there is always a suspicion that if you get a trojan or virus, it might be able to use those open logins to steal or spend your cash or your details.

When apps are standalone and you only have a couple that have spending capability, it is manageable, but when everything is interconnected so much, there are too many routes to access your cash. You cant close the main account session because so many things you want to do are linked to it and if you log out, you lose all the dependent apps. Also, without a proper keyboard, typing your fully alphanumeric passwords takes ages. Yes, you can use password managers, but that’s just another layer of security to worry about. Because I don’t ever feel confident on a highly unintuitive OS or even worse-designed apps that I know what I am doing, I want a blanket block on any spend from my tablet even while I am logged into accounts to access other stuff. I only want my tablet to be able to spend after it has warned me that it wants to, why, how much, where to, for what, and what extras there might be. Ever. I never want it to be able to spend just by me clicking on something or a friend’s kid clicking a next level button on a game.

It isn’t at all easy to navigate a lot of apps when they are written by programmers from Mars, whose idea of intuitive interface is to hide everything in the most obscure places behind the most obscure links. On a full PC, usually it’s obvious where the menus all are and what they contain. On a tablet, it is clearly a mark of programmer status to be able to hide them from anyone who hasn’t been on a user course. This is further evidenced by the number of apps that come with complaints about previous users leaving negative feedback, telling you not to moan until you’ve done this and that and another thing and basically accusing the users of being idiots. It really is quite simple. If an app is well-designed, it will be easy to use, and you won’t need to go on a user course first because it will be obvious how to work it at every menu, so there won’t be loads of customer moaning about how hard it is to do things on it. If you’re getting loads of bad user feedback, it isn’t your customers that are the idiots, it’s you.

Anyway, on my tablet, I am usually very far from sure where the menus might be that allow me to access account details or preferences or access authorizations, and when I do stumble across them, often it tells me that an account or an authorization is open, but doesn’t let me close it via that same page, leaving me to wander for ages looking elsewhere for the account details pages.

In short, obscure interfaces that give partial data and are interconnected far too much to other apps and services and preference pages and user accounts and utilities make it impossible for me to feel safe while I use a tablet logged in to any account with spending capability. If you use apps all the time you get used to them, but if you’re like me, and have zero patience, you tend to just abandon it when you find one that isn’t intuitive.

The endless pursuit of making all things connected has made all things unusable. It doesn’t take long for a pile of string to become tangled. We need to learn to do it right, and soon.

Really we aren’t there yet.

 

 

The future of biometric identification and authentication

If you work in IT security, the first part of this will not be news to you, skip to the section on the future. Otherwise, the first sections look at the current state of biometrics and some of what we already know about their security limitations.

Introduction

I just read an article on fingerprint recognition. Biometrics has been hailed by some as a wonderful way of determining someone’s identity, and by others as a security mechanism that is far too easy to spoof. I generally fall in the second category. I don’t mind using it for simple unimportant things like turning on my tablet, on which I keep nothing sensitive, but so far I would never trust it as part of any system that gives access to my money or sensitive files.

My own history is that voice recognition still doesn’t work for me, fingerprints don’t work for me, and face recognition doesn’t work for me. Iris scan recognition does, but I don’t trust that either. Let’s take a quick look at conventional biometrics today and the near future.

Conventional biometrics

Fingerprint recognition.

I use a Google Nexus, made by Samsung. Samsung is in the news today because their Galaxy S5 fingerprint sensor was hacked by SRLabs minutes after release, not the most promising endorsement of their security competence.

http://www.telegraph.co.uk/technology/samsung/10769478/Galaxy-S5-fingerprint-scanner-hacked.html

This article says the sensor is used in the user authentication to access Paypal. That is really not good. I expect quite a few engineers at Samsung are working very hard indeed today. I expect they thought they had tested it thoroughly, and their engineers know a thing or two about security. Every engineer knows you can photograph a fingerprint and print a replica in silicone or glue or whatever. It’s the first topic of discussion at any Biometrics 101 meeting. I would assume they tested for that. I assume they would not release something they expected to bring instant embarrassment on their company, especially something failing by that classic mechanism. Yet according to this article, that seems to be the case. Given that Samsung is one of the most advanced technology companies out there, and that they can be assumed to have made reasonable effort to get it right, that doesn’t offer much hope for fingerprint recognition. If they don’t do it right, who will?

My own experience with fingerprint recognition history is having to join a special queue every day at Universal Studios because their fingerprint recognition entry system never once recognised me or my child. So I have never liked it because of false negatives. For those people for whom it does work, their fingerprints are all over the place, some in high quality, and can easily be obtained and replicated.

As just one token in multi-factor authentication, it may yet have some potential, but as a primary access key, not a chance. It will probably remain be a weak authenticator.

Face recognition

There are many ways of recognizing faces – visible light, infrared or UV, bone structure, face shapes, skin texture patterns, lip-prints, facial gesture sequences… These could be combined in simultaneous multi-factor authentication. The technology isn’t there yet, but it offers more hope than fingerprint recognition. Using the face alone is no good though. You can make masks from high-resolution photographs of people, and photos could be made using the same spectrum known to be used in recognition systems. Adding gestures is a nice idea, but in a world where cameras are becoming ubiquitous, it wouldn’t be too hard to capture the sequence you use. Pretending that a mask is alive by adding sensing and then using video to detect any inspection for pulse or blood flows or gesture requests and then to provide appropriate response is entirely feasible, though it would deter casual entry. So I am not encouraged to believe it would be secure unless and until some cleverer innovation occurs.

What I do know is that I set my tablet up to recognize me and it works about one time in five. The rest of the time I have to wait till it fails and then type in a PIN. So on average, it actually slows entry down. False negative again. Giving lots of false negatives without the reward of avoiding false positives is not a good combination.

Iris scans

I was a subject in one of the early trials for iris recognition. It seemed very promising. It always recognized me and never confused me with someone else. That was a very small scale trial though so I’d need a lot more convincing before I let it near my bank account. I saw the problem of replication an iris using a high quality printer and was assured that that couldn’t work because the system checks for the eye being alive by watching for jitter and shining a light and watching for pupil contraction. Call me too suspicious but I didn’t and don’t find that at all reassuring. It won’t be too long before we can make a thin sheet high-res polymer display layered onto a polymer gel underlayer that contracts under electric field, with light sensors built in and some software analysis for real time response. You could even do it as part of a mask with the rest of the face also faithfully mimicking all the textures, real-time responses, blood flow mimicking, gesture sequences and so on. If the prize is valuable enough to justify the effort, every aspect of the eyes, face and fingerprints could be mimicked. It may be more Mission Impossible than casual high street robbery but I can’t yet have any confidence that any part of the face or gestures would offer good security.

DNA

We hear frequently that DNA is a superbly secure authenticator. Every one of your cells can identify you. You almost certainly leave a few cells at the scene of a crime so can be caught, and because your DNA is unique, it must have been you that did it. Perfect, yes? And because it is such a perfect authenticator, it could be used confidently to police entry to secure systems.

No! First, even for a criminal trial, only a few parts of your DNA are checked, they don’t do an entire genome match. That already brings the chances of a match down to millions rather than billions. A chance of millions to one sounds impressive to a jury until you look at the figure from the other direction. If you have 1 in 70 million chance of a match, a prosecution barrister might try to present that as a 70 million to 1 chance that you’re guilty and a juror may well be taken in. The other side of that is that 100 people of the 7 billion would have that same 1 in 70 million match. So your competent defense barrister should  present that as only a 1 in 100 chance that it was you. Not quite so impressive.

I doubt a DNA system used commercially for security systems would be as sophisticated as one used in forensic labs. It will be many years before an instant response using large parts of your genome could be made economic. But what then? Still no. You leave DNA everywhere you go, all day, every day. I find it amazing that it is permitted as evidence in trials, because it is so easy to get hold of someone’s hairs or skin flakes. You could gather hairs or skin flakes from any bus seat or hotel bathroom or bed. Any maid in a big hotel or any airline cabin attendant could gather packets of tissue and hair samples and in many cases could even attach a name to them.  Your DNA could be found at the scene of any crime having been planted there by someone who simply wanted to deflect attention from themselves and get someone else convicted instead of them. They don’t even need to know who you are. And the police can tick the crime solved box as long as someone gets convicted. It doesn’t have to be the culprit. Think you have nothing to fear if you have done nothing wrong? Think again.

If someone wants to get access to an account, but doesn’t mind whose, perhaps a DNA-based entry system would offer good potential, because people perceive it as secure, whereas it simply isn’t. So it might not be paired with other secure factors. Going back to the maid or cabin attendant. Both are low paid. A few might welcome some black market bonuses if they can collect good quality samples with a name attached, especially a name of someone staying in a posh suite, probably with a nice account or two, or privy to valuable information. Especially if they also gather their fingerprints at the same time. Knowing who they are, getting a high res pic of their face and eyes off the net, along with some voice samples from videos, then making a mask, iris replica, fingerprint and if you’re lucky also buying video of their gesture patterns from the black market, you could make an almost perfect multi-factor biometric spoof.

It also becomes quickly obvious that the people who are the most valuable or important are also the people who are most vulnerable to such high quality spoofing.

So I am not impressed with biometric authentication. It sounds good at first, but biometrics are too easy to access and mimic. Other security vulnerabilities apply in sequence too. If your biometric is being measured and sent across a network for authentication, all the other usual IT vulnerabilities still apply. The signal could be intercepted and stored, replicated another time, and you can’t change your body much, so once your iris has been photographed or your fingerprint stored and hacked, it is useless for ever. The same goes for the other biometrics.

Dynamic biometrics

Signatures, gestures and facial expressions offer at least the chance to change them. If you signature has been used, you could start using a new one. You could sign different phrases each time, as a personal one-time key. You could invent new gesture sequences. These are really just an equivalent to passwords. You have to remember them and which one you use for which system. You don’t want a street seller using your signature to verify a tiny transaction and then risk the seller using the same signature to get right into your account.

Summary of status quo

This all brings us back to the most basic of security practice. You can only use static biometrics safely as a small part of a multi-factor system, and you have to use different dynamic biometrics such as gestures or signatures on a one time basis for each system, just as you do with passwords. At best, they provide a simple alternative to a simple password. At worst, they pair low actual security with the illusion of high security, and that is a very bad combination indeed.

So without major progress, biometrics in its conventional meaning doesn’t seem to have much of a future. If it is not much more than a novelty or a toy, and can only be used safely in conjunction with some proper security system, why bother at all?

The future

You can’t easily change your eyes or your DNA or you skin, but you can add things to your body that are similar to biometrics or interact with it but offer the flexibility and replaceability of electronics.

I have written frequently about active skin, using the skin as a platform for electronics, and I believe the various layers of it offer the best potential for security technology.

Long ago, RFID chips implants became commonplace in pets and some people even had them inserted too. RFID variants could easily be printed on a membrane and stuck onto the skin surface. They could be used for one time keys too, changing each time they are used. Adding accelerometers, magnetometers, pressure sensors or even location sensors could all offer ways of enhancing security options. Active skin allows easy combination of fingerprints with other factors.

 

Ultra-thin and uninvasive security patches could be stuck onto the skin, and could not be removed without damaging them, so would offer a potentially valuable platform. Pretty much any kinds and combinations of electronics could be used in them. They could easily be made to have a certain lifetime. Very thin ones could wash off after a few days so could be useful for theme park entry during holidays or for short term contractors. Banks could offer stick on electronic patches that change fundamentally how they work every month, making it very hard to hack them.

Active skin can go inside the skin too, not just on the surface. You could for example have an electronic circuit or an array of micro-scale magnets embedded among the skin cells in your fingertip. Your fingerprint alone could easily be copied and spoofed, but not the accompanying electronic interactivity from the active skin that can be interrogated at the same time. Active skin could measure all sorts of properties of the body too, so personal body chemistry at a particular time could be used. In fact, medical monitoring is the first key development area for active skin, so we’re likely to have a lot of body data available that could make new biometrics. The key advantage here is that skin cells are very large compared to electronic feature sizes. A decent processor or memory can be made around the size of one skin cell and many could be combined using infrared optics within the skin. Temperature or chemical gradients between inner and outer skin layers could be used to power devices too.

If you are signing something, the signature could be accompanied by a signal from the fingertip, sufficiently close to the surface being signed to be useful. A ring on a finger could also offer a voluminous security electronics platform to house any number of sensors, memory and processors.

Skin itself offers a reasonable communications route, able to carry a few Mbit’s of data stream, so touching something could allow a lot of data transfer very quickly. A smart watch or any other piece of digital jewelry or active skin security patch could use your fingertip to send an authentication sequence. The watch would know who you are by constant proximity and via its own authentication tools. It could easily be unauthorized instantly when detached or via a remote command.

Active makeup offer a novel mechanism too. Makeup will soon exist that uses particles that can change color or alignment under electronic control, potentially allowing video rate pattern changes. While that makes for fun makeup, it also allows for sophisticated visual authentication sequences using one-time keys. Makeup doesn’t have to be confined only to the face of course, and security makeup could maybe be used on the forearm or hands. Combining with static biometrics, many-factor authentication could be implemented.

I believe active skin, using membranes added or printed onto and even within the skin, together with the use of capsules, electronic jewelry, and even active makeup offers the future potential to implement extremely secure personal authentication systems. This pseudo-biometric authentication offers infinitely more flexibility and changeability than the body itself, but because it is attached to the body, offers much the same ease of use and constant presence as other biometrics.

Biometrics may be pretty useless as it is, but the field does certainly have a future. We just need to add some bits. The endless potential variety of those bits and their combinations makes the available creativity space vast.

 

 

Heartbleed: a personal action plan

There is much panic today after the Heartbleed bug has been announced. All those nice sites with the padlock symbol running https where you felt safe and warm, well it turns out that some of them may have not been so safe and warm after all. Some were, but many IT advisors are recommending you change all your passwords to be safe because we don’t know for sure what was compromised.

BUT DON’T CHANGE THEM ALL YET!!

Right at the moment, a lot of sites won’t have installed the patches to fix the bug, so are still vulnerable, and you really don’t want to be typing in a new password that is being intercepted, do you?

I am not an IT advisor, but I have managed to get through 33 years of computing all day every day with only 2 viruses so far, and one of those came on the system disks with my first ever Mac in 1987 – yes really. I think my approach is fairly common sense and not too over the top.

There is a natural common sense order in which you need to do stuff. It will take you ages, so my advice is to wait a couple of days. The bug has been there a long time, so a couple days more won’t increase your risk much, but if you change everything this morning you might have to do it all over again in a few days time. If it makes you feel safer, do Step 2 now and then change your Google and Yahoo passwords

When you do:

Step 1

First, limit the amount you use the web or internet for the next day or two so that you are compromised as little as possible, as few passwords are intercepted and cookies read and password files stolen as possible.

Step 2

Meanwhile, clean your PC up a bit. Some of you will be bang up to date and will have different set of favorite tools than me, in which case, do it your way, but make sure you do it. If you are not quite so IT savvy, try my list:

Run C-Cleaner. If you don”t have it, get the free version from

http://www.piriform.com/ccleaner/download

(Advanced System Care works fine too, but in my experience you need to be extremely careful installing it to avoid getting other dross on your machine. Don’t just click next without reading what boxes are checked/unchecked and what other downloads you’re authorising. I have both but really, either works fine alone)

Basically, tick all the boxes for all the browsers to clear out all your cookies and any junk that may have been stored in your temporary files. Then do a registry clean. It isn’t related to this problem but it is good practice anyway.

Your memory, wastebasket, temporary files, and other places that can be scanned using the heartbleed bug are now clean. I recently tried using Superantispyware too, which is fine, but so far it hasn’t found anything if I have already run C Cleaner.

Now, when you do use the web before it is all patched, you’ll at least be at lower risk.

Step 3

DON’T PANIC!!!!

HT Douglas Adams.

The world probably won’t collapse before the weekend and all the competent companies will have their IT staff patching up and writing you nice emails or welcome screens to say how much they love you and protect you and that they are now ready for your new password. Well, wait a while. They may be ready, but if your browser isn’t yet ready, and especially if you’re saving your passwords using the browser, then your new password could be intercepted.

Think about it. If you are being intercepted, changing the password won’t work, the new one will be caught, so you’ll have to do it all again. If you aren’t, then you won’t know, so will still have to do it again just in case. Google and Yahoo say you don’t have to worry about their sites, and they are probably telling the truth, but I among many am not 100% convinced, and I will be changing my Google and Yahoo stuff. Soon, but not yet.

Use the time to make a list of any sites you remember visiting that have passwords, especially any with other personal details or credit card or bank details.

Step 4

On Saturday, Sunday or Monday, reserve a long session to fix your life. Make a big coffee and set yourself down for a long session.

4.1 Run system update to make sure your system is up to date with the latest fixes.

4.2 Do Step 2 again to make sure your PC is once again clean.

4.3 A full system scan for viruses and other malware wouldn’t hurt.

4.3 Reboot just for peace of mind. You will be changing everything, you want to feel you did it right.

4.4 Think up some sort of password scheme that is different from the one you used before. Use combinations of things, first letters of items or people on a list, keyboard patterns, numbers that mean something. It’s notoriously easy to guess a birth-date or a pet’s name, but hard to crack a combination of bits of several things. Everyone agrees you should use a different one for every site, but we all know you won’t. At least if you use the same root, change a leaf or two by including a letter or two from the site name, maybe shifted two letters along the alphabet or whatever. Even that helps. Be inventive.

4.5 If you use a master password file on your computer, empty it, then change its password and to make sure your new ones go in a clean and secure box.

4.6 Change your Google, Yahoo passwords and for any browsers. If they had been compromised, then anything else you did on any parts of their empires could have been. If you store passwords using the browser, the browser has to be safe before you do anything else. So you have to do them first, or anything else you do could be a waste of time.

4.7 Change your email passwords. You won’t remember all your old one so will have to get resets for some and will need your email for that. You need to be sure you’re using fresh passwords for email in case they had been stolen.

4.8 Change your Facebook, chat room any other social networking passwords. Some say they are safe, best be safer still and change them anyway to your new regime.

One by one, log on to every other site you use and change its password. Use a mixture of characters, capitals and lower case, numbers, punctuation marks (if they are allowed). Write the new password down in your little black book if you want, in a way that means something to you but nobody else.

4.9 Relax. You won’t remember all the sites you ever go to. Some, you won’t have been to for months or even years. But when you cleaned your PC, you deleted all those passwords, so at least if they weren’t already stolen, at least they won’t be stolen now. You will still face a small risk if your passwords are known for sites you don’t remember, but it is probably just a small risk, so really not worth worrying too much about.