Monday, September 24, 2012

Your Face is Familiar, But Not Enough to Log You On


Biometrics is the science of measurement applied to biological entities such as fruit flies, dogs, or human beings.  Ever since the discovery that fingerprints are a nearly unique lifelong way of identifying people, we have employed biometrics in some form, but usually only in special situations such as criminal investigations or other law-enforcement matters.  But recent advances in the quality and reliability of digital biometric sensors that work entirely without human intervention have made it possible to log on to your computer, not with a password, but with your right thumb, as I saw a colleague do in my office the other day.  He has a new laptop and at the lower left corner of the screen is a little red panel that he swiped his thumb over to turn it on.  Although I didn’t try it, I suspect my thumb would not have done the trick.

The San Jose Mercury News carried a roundup article the other day describing some new and upcoming biometric techniques.  Turns out fingerprints are only one of many characteristics that inventive labs and firms are working on.  Face recognition software is getting good enough to pick out a particular face in a high-resolution photo of a crowd.  And somebody in a government lab is working on the notion, familiar to owners of bloodhounds, that body odor is unique enough to identify you.

I will be the first to admit that being pestered for a new, unique, high-quality password that is also different from all the other new, unique, high-quality passwords you’ve had to come up with in the last six weeks to do everything from buying things online to logging into your organization’s pay system, is quite annoying.  So why am I not jumping for joy over the prospect of simply swiping my thumb or even just grinning into the camera to get my computer to do what I want?  Several reasons come to mind.

The first one is pointed out by a researcher quoted in the Mercury News article.  There is a basic assumption of anonymity that people have when they go into a public place.  Yes, sometimes you put on a nametag at a party or in a social setting where you want people to know who you are, but if you’re like me, you feel sort of foolish if you leave the event and look down a couple of hours later and you’re still wearing your nametag at the airport.  There are places where I don’t necessarily want all and sundry to know who I am, not because I’m doing something nefarious, but just because the information could be abused.  It’s a little far-fetched now, but this is the kind of problem that biometrics could lead to if it gets into the wrong hands.  And believe me, if it becomes widely used by consumer-electronics manufacturers, it will get into the wrong hands.

A second problem concerns what I’d call the interoperability problem.  The big pain about passwords is that every little seller of internet toothpicks and offerer of free software wants you to come up with a password for their particular system.  Some people use the same password for everything, and I . . . well, I don’t quite go that far, but let’s just say there are commonalities among the different passwords I use.  If we go whole hog for replacing passwords with biometrics, what kind of biometric identifier will we use?  If there’s some industry-standard device, that means basically everyone will be using the same password for everything (read “fingerprint” or whatever the feature du jour is for “password”), and that means one giant database sitting somewhere with everybody’s password on it might not be that hard to compile.  The dangers that could arise from such a concentration of sensitive information are obvious.  And if we use a diverse number of systems, well, that means a diverse number of plugins or thingamajigs or whatever, will be needed to log in to many sites, and that could be even worse than having to remember all those passwords.

Last but not least, I will remind you that no technology is perfect, and this includes biometric devices as well.  Say you are using face-recognition technology and one day you decide to shave your moustache.  Ooops!—facial hair isn’t all you lost.  You’ll have to retrain X number of security programs to recognize your new, less hirsute visage.  At least when you forget a password, there’s usually some alternate approach that works reasonably well—a security question or two, an email to your known email address, or some such thing that consumes time but otherwise works pretty well.  Biometric security will have to have some kind of backup like that, but who knows what form it would take? We might end up looking at passwords rather like I looked at the little hole in the front bumper of my 1958 Morris Minor (well, technically it was my father’s car, but he let me drive it when I was in high school).  It had an electric starter, but in a pinch such as a moribund battery, you could take the tire jack, stick it through the front bumper, and crank the little pint-size motor to start it by hand.  (I never got up the nerve to try that, but it’s one of my many lost opportunities of my youth.)

Part of what we are seeing is a generational shift in attitudes toward privacy.  Things that annoy me, such as the creepy way items I search for online at one site start magically showing up a few days later in ads at a wholly unrelated site, are things that just seem part of the background of life to younger people who haven’t experienced anything different.  After all, before there were cities, most people lived in little village clans where everybody knew who you were and what you were up to, and we survived that.  But there is a disproportion of power and ability between one individual whose identity is increasingly ascertainable, and the giant international corporations who can ascertain it and act on that knowledge.  Let’s hope we don’t get so used to the degradation of privacy that by the time we start missing it, there’s nothing left.

 

Sources:  The San Jose Mercury News (www.mercurynews.com) carried the article “Does Rise of Biometrics Mean a Future Without Anonymity?” on Sept. 16, 2012.  I would give the article’s URL if I could get it to work, but I can’t.  You can find the article by the paper’s online search function. 

Monday, September 17, 2012

Texting in Emergencies: Communications Gone Right

 
Most Fridays, I drive the 35 miles or so from San Marcos to Austin, Texas, where I have a long-standing association with a laboratory on the Pickle Research Campus of the University of Texas at Austin.  No, we do not research pickles there, though that would not be a bad way to spend time.  It’s named for “Jake” Pickle, the U. S. Representative who steered a lot of federal energy money to UT in the 1980s, and UT returned the favor by naming the research campus after him.

It’s a mildly secure place where you need a parking sticker to get in, but otherwise it has the open feel of a research business park.  As I drove through the place about 10 A. M. on the way to the building I work in, I noticed a large crowd of people outside a dining hall.  Thinking maybe they were waiting for a tour bus, I didn’t wonder about it any longer until I pulled up at my building and saw another group of people milling around outside.  It had been raining lightly, so I knew these folks weren’t just taking the air for their health.

I saw a man I knew and asked him what was going on.  He said that the University had sent out a text message about ten minutes ago telling everybody to leave their building and get as far away as possible from it.  There was some confusion as to whether this applied only on the main campus or to the research campus as well, but when in doubt, most people decided to evacuate the premises.

There was no telling how long this was going to go on and I had some other obligations, so I just turned around and went back home.  Later I learned that the all-clear wasn’t given officially until noon, and that the bomb threat (that’s what it was) had been a hoax.  University officials had received a phone call about 8:35 that morning, and the caller said that bombs were set to go off in campus buildings in about 90 minutes.  The administration received some criticism for not notifying students sooner, but I want to talk about what went right:  the system of using broadcast text messages in emergencies.

I am old enough to remember the infamous “duck-and-cover” drills that were observed in schools in the 1960s, during the height of the Cold War.  Back then, there were two main ways of notifying the public of a crisis such as a potential nuclear war:  radio and TV broadcasts, and sirens.  But if you didn’t happen to be watching TV or listening to the radio, and were out of the hearing range of a siren, the first you might know something was wrong would be your conversion into toast.  Still, these means were reasonably effective when we all thought we had at least thirty minutes’ warning before incineration.

But today the most common type of physical threat that educational institutions have to deal with is both smaller scale and more personal:  either a “shooter” on campus, for example, or a hidden bomb.  Neither of these comes with a guaranteed thirty-minute grace period.  So how nice it is to have a system in which identical messages containing a reasonable amount of information can be simultaneously sent to students via a medium that they nearly all use dozens of times a day.

During the media coverage of the evacuation, it emerged that UT has signed up some 60,000 people to receive emergency text messages.  I, alas, am not one of them, because I’m one of those old fogies who rarely carries a cellphone, never mind text messages.  But I had no trouble finding out what was going on from those who got the message.

A few years ago I wrote an article about the engineering ethics of communications technologies.  The specific example I used was the way fire and police communications broke down during the 9/11 attacks and Hurricane Katrina.  The point I made was that modern communications technologies create an expectation that they will be there in an emergency, and when they collapse due to unusual circumstances it is a kind of moral failing.  I didn’t have any examples of systems working well in that article, but that was before the UT bomb scare last Friday.

While one could question the timing of the alert, the fact that nearly everybody got out of hundreds of buildings on campus with no injuries is a remarkable achievement in itself.  Such evacuations can easily go bad, as when someone yells “Fire” in a crowded theater and a stampede ensues.  Mood is everything.  Theater patrons scared out of their seats by a fire alarm are in a much different mood than students told to drop whatever dull thing they’re doing and go outside to chat.  There is also a tacit admission on the part of the administration that whatever you do, students will read their text messages during class, and in this particular case, it was a good thing.

If some techno-genie had come out of the sky in 1965 and offered to provide a way to send instant emergency messages to everybody in a school, or a city, people would have leaped at the chance, I think, even if it had cost something.  But the demand-driven spread of cellphones has provided a virtually free way of doing that.  It’s a shame that city governments have not also clued into this way of spreading emergency information in a larger way, although there may be municipalities that have.  It would be great for tornado warnings, for instance, but you can already get those texted to you by commercial weather channels.

It’s nice to discuss a technical incident with ethical implications that went right for a change.  Technology will also be involved in catching the guy who pulled the hoax, and I would not want to be in his shoes when they find him.  As UT’s President Powers said at a news conference, every such incident gives them more material to learn from so they can do better next time.  I hope they do, but I think they did pretty well this time too.

Sources:  An article describing the events of last Friday, Sept. 14 concerning the bomb threat on the UT campus can be found on the Austin American-Statesman webpage at
http://www.statesman.com/news/nation/bomb-threats-prompt-evacuations-at-3-campuses-2457978.html.  My article on the ethics of emergency communications technology, "We've Got to Talk:  Emergency Communications and Engineering Ethics," was published in IEEE Technology and Society Magazine, vol. 26, no. 3 pp. 42-48, Fall 2007.

Monday, September 10, 2012

Can Engineers Fix the Political System?


From now until early November, U. S. citizens will be bombarded by more political ads than most people care to hear.  While I won’t take sides today, I sense a general opinion that the U. S. Congress in particular, and perhaps the whole range of U. S. political systems in general, is severely impaired if not quite broken down.  And during an election year, it’s more noticeable than ever.

Support for this sense comes from a book by economist Arnold Kling, who thinks the U. S. has outgrown a political system that may have worked fine when the country was much smaller, but has now become antiquated and needs serious overhauling.  His basic point is that while the knowledge needed to govern the country is increasingly diffused by means of the Internet and other advanced technologies, the present political system tends to concentrate power in the hands of a few hundred elites:  the President and his executive-branch heads, members of Congress, quasi-independent bureaucrats such as the Federal Reserve Board, and leaders of large private corporations.  This leads at best to a kind of paralysis in which the elites do things that basically feather their own nests, while the great mass of people have little voice or influence on what the elites choose to do to them (I could have written “for them” instead of “to them” but sometimes it’s hard to tell which preposition is more appropriate).

Rather than just complain, Kling proposes some solutions, and says some very nice things about engineers in the process.  He cites the way that the Internet’s technical rules are arrived at as a good example of “just-in-time government.”  Although the process is somewhat different now, for many years the Internet was governed by a series of ad-hoc Internet Engineering Task Forces (IETFs).  A typical task force would be called together by an engineer who thought there was a problem that needed fixing.  Other engineers interested in the problem would volunteer their time to form a working group which would have meetings (either virtual or face-to-face) to discuss alternatives and agree on a plan of action.  Eventually the solution would be agreed upon and circulated in the form of a final draft.  If nobody objected strenuously within a certain time, the draft became Internet “law.”  Though Kling doesn’t mention it, many technical standards such as the ones about how wireless devices interact (you may have heard of IEEE 802.11, which is one such standard for local area networks) are arrived at by essentially the same kind of task-force mechanisms.

Kling points out that in contrast to well-paid civil servants, volunteers do not have an incentive to keep their problem alive so as to justify their working on it indefinitely.  They have their own jobs they’d like to get back to, and fixing the problem expeditiously is more appealing than prolonging it.  On the other hand, if you are the government-paid Assistant Sub-Executive Secretary of the Department of Circumlocution or something, you may be tempted to say that “further study is needed” no matter what problem comes up.

Kling uses IETFs as an example of ways that societies can govern themselves without the need for a superstructure of permanently empowered individuals whose terms in office last for many years.  He has other ideas as well that would make government run more like a competitive business and allow individuals to choose which regulatory and tax regime they would like to live under, without the disagreeable necessity of moving from one place to another physically.

Kling makes a good point about the excessive concentration of power with the following example.  If you divide the total budget of $4.3 billion for Montgomery County, Maryland by the number of County Council members, the spending per legislator is an astonishing $500 million.  There are few CEOs of private companies who can boast of controlling so much cash.  By contrast, Switzerland is divided into 26 “cantons” with between about 50 to 100 legislators in each canton.  The highest per-legislator spending level in Switzerland—a nation, not a county—is $76 million.  And Switzerland spends more per person on its relatively small population than the U. S. does.  When the U. S. was smaller, the spending per legislator was closer to what Switzerland’s is today, and it was probably easier for an average citizen to get the attention of a legislator, simply because there weren’t as many citizens then as there are today.  We would need upwards of a thousand congressmen in Congress today in order to move substantially closer to Switzerland’s situation.

And that brings up the main problem with all these nice ideas: as with many wide-ranging proposals to remake the political system, the problem is how to get there from here.  It’s unlikely that anyone in Washington is going to look kindly on the idea that we should have ten or a hundred many times as legislators as we do now.  And the alternative, to move power from Washington back to the individual states, is also one that has a rough time getting heard, although there are slight signs that the U. S. Supreme Court is thinking it might be time to move that way.

In the near term, the best we average citizens can do is to vote for people who might possibly be inclined to look beyond their own interests and do what is right for the city, state, or nation, regardless of whether it means a decrease in his or her own power.  Such people are increasingly rare, but if you find one, I encourage you to vote for them, while you still have the opportunity.

Sources: Arnold Kling’s Unchecked and Unbalanced:  How the Discrepancy Between Knowledge and Power Caused the Financial Crisis and Threatens Democracy  was published by Bowman & Littlefield (Lanham, MD) in 2010.



Note to Podcast Enthusiasts:  I was recently interviewed by Jeffrey Shelton and Chris Gammell of “Engineering Commons,” a podcast they put together weekly.  The resulting podcast was posted Sept. 6 and if you want to hear your scribe opinionate on a wide range of ethics-related matters, you can download it at theengineeringcommons.com.

Monday, September 03, 2012

A Trip To the Genius Bar


It is a sad fact of life that even the best-engineered system breaks down from time to time.  Hence repairmen (or should I say repair people, these days) are assured of job security, although the types of repairs they make have changed radically over the years.  For a few summers in high school and college, I worked as a repair technician at an audiovisual services shop, fixing tape recorders and dealing mainly with mechanical rather than electrical troubles.  But when my Mac laptop started acting up the other day, I decided to take it to the 2012 version of Mac’s fix-it shop:  the Genius Bar.

That’s an inspired name, by the way, evoking images of a drinking establishment with a bouncer that lets in only MENSA members with IQs above 140.  What it is in fact is a counter at the rear of an Apple retail store in an Austin shopping mall.  I had heard recently that Apple retail stores have the highest sales figures per square foot of store area of any type of mall store, and after visiting one, I believe it.

The display windows showed life-size cutout profiles of two people enjoying some of the latest Mac products.  Just a few minutes after the store opened at 10, it was as crowded as a discount clothing store during tax-free weekend.  And about half the people inside wore identical blue tee-shirts with Mac logos:  the sales staff.  Someone greeted me as soon as I stepped in the door.  I explained that I had gone online and made an appointment for 10:15 at the Genius Bar, and the man referred me to another sales associate, a young woman carrying an iPad (clipboards are so twentieth-century), who looked up my name and said it would be just a few minutes.  I was early, so I didn’t mind waiting.

Customers, or potential customers, were everywhere, trying out the wares displayed on clean, simple white box-like tables or browsing through the accessories for iPads, iPhones, and i don’t know what all else.  I wasn’t in the market for any of those, so I poked around where they had custom-made cases for iPads.  The one I found most amusing was made to look like a codex:  one of those pre-printing-press books with thick hand-painted leather binding.  It gave me the same kind of feeling I had when I first heard a student’s cellphone in my class emit a classic mechanical-bell ringtone.

Pretty soon yet a third salesperson hunted me down.  “Karl?  We’re ready for you, have a seat right here.”  It was just a bare counter with four high stools and barely enough elbow room to separate me from an older woman with a German accent who was explaining what her Macbook Air wasn’t doing right.

My genius (I’ll call him Biff) was a late-twenty-something man who was distinguished from many of the other salespeople by not having any tattoos.  He asked me what the problem was.  I told him my Magic Mouse did all its magic except scrolling, and it wasn’t the mouse because it would scroll fine with my wife’s computer.

He tried some obvious things first.  Logging in as a guest, he discovered that when he did that, the mouse worked.  That was progress, but he explained that all it told him was that some of my custom library and root stuff was corrupted, because when a guest logs in the library is empty.

I will not bore you with what all he tried in the next half hour.  At one point, because no one had mentioned charges or fees, I asked him what this would cost.  “Nothing unless we turn a screw.”  So software fixes were free.  That sounded good.  Every so often he’d spin the computer over to me and ask me to enter my password again.  I must have done that fifteen or twenty times.  It gave me a nice but entirely spurious sense that I was assisting in the repair.

At one point he turned to the fellow genius next to him, an older guy with a short beard, earrings, and many tattoos.  The guy said, “Don’t try this unless you know what you’re doing,” went into some mysterious part of the file system where all the files were labeled with incomprehensible abbreviations like “ertx” and “infpro,” but failed to fix the problem.  My genius reset something on the machine that took a few minutes and excused himself to go in the back and consult with the web, I suppose.

When he came back, I said I supposed they wouldn’t let him work on my machine all day, would they?  Was there a time limit?

“Not a time limit exactly, but a goal.  We can be somewhat flexible, and there’s one more thing I can try.”  Saying thus, he opened some files and started selectively wiping out whole sections.  I got a little nervous and recalled Mark Twain’s saying that “a good horse was a good horse until it had run away once, and a good watch was a good watch until the repairers got a chance at it.”  But this wasn’t the first time the machine (a fairly new one) had been in for repairs, so it wasn’t really relevant to the case.

Finally, Biff turned my Mac back to me and said, “Now, one more password entry, and see what it does now.”  Then he tried stroking the mouse’s back, and this time it scrolled.  And we were in my library, not the guest’s empty one.  I congratulated Biff, thanked him for his time, packed up my Mac, and walked through the crowd surging around the thousands of dollars’ worth of retail merchandise I steadfastly refrained from buying, and went about the rest of my day.

Was it ethical for me to take a half hour of a genius’s time and get a repair that probably would have cost me upwards of a hundred dollars at a non-genius shop?  Well, I look at it this way.  If they really sell five thousand dollars a year of stuff from that place for every square foot in it, they seem to think they can afford to give away free software repairs in the back.  And if some customers take advantage of this service without leaving some of their cash behind for other more costly attractions on display, well, it’s just a cost of doing business that way.  I for one thank Apple for being so generous, and only wish there were more Apple retail stores nationwide.  But that would spell trouble for all the other Mac repair shops, so maybe things are just as well the way they are.

 

Sources:  The statistic on retail sales in Mac stores (their figure of $5,647 per square foot, presumably per year, is seventeen times the U. S. mall store average of $341) is from an MSN Money article published on April 19, 2012 at http://money.msn.com/top-stocks/post.aspx?post=f87ebfd7-fcf1-4bdb-9489-d752d85293b6.  Mark Twain’s comment about horses and watches, which he attributes to his deceased Uncle William, is in his short story, “My Watch.”