Wednesday, September 25, 2013

Less Talky, More Hacky

Light posting lately.  I'm spending my time learning MongoDB, CouchDB, jQuery, Bootstrap, and node.js, in pursuit of various projects.  Gotta get hip with the web technologies, dontchaknow.

I was an invited speaker at Sibos last week in Dubai, and spoke on money laundering and counter-fraud in commercial banking, and specifically how the same types of data comes up over and over again, so it doesn't make sense to field a different platform for each problem.  My talk was apparently well received.

Thursday, September 12, 2013

Theory Thursday: The Central Limit Theorem

Back when I was employed researching the mysteries of the universe by pipetting lots of stuff, I used to say that physics was the study of things that are pointy in the middle and small on the ends, so that we can ignore the ends.  Essentially, the idea in much of science is to figure out how to boil a phenomenon down to a few variables that have reasonably well defined values, i.e., a mean or average value.  All measured variables have a distribution, but not all distributions are pointy in the middle, and only for distributions that are pointy in the middle does it make sense to calculate the average value.  As a classic counterexample, the power-law distribution doesn't have a pointy middle:

You can still, of course, calculate the mean value of this distribution by summing over all the values and dividing by the number of values.  But the point is that it won't mean much intuitively: "most" of the values won't be "around" the mean value.  They're all over the place.  So, if we want to be able to talk about measuring a "variable", we'd like it to have a peak in the middle.  In particular, it would be really handy if our distribution was a Normal Distribution (aka, the famous Bell Curve, or Gaussian, after the legendary mathematician and physicist Carl Freidrich Gauss.)


A normal distribution has a couple of very nice properties that make math a lot easier:

  • The mean, median, and mode are all the same.
  • It's mathematically tractable to work with and has a simple form.


Luckily for us, the Central Limit Theorem has our back.  What it says, basically, is that if you take a whole bunch of random variables, what you get out will probably* be pretty close to a normal distribution.  And this is good news for people who like things high in the middle and flat on both ends**.  Most real processes in the world are the result of a bunch of sub-processes, each of which has its own distribution.  For instance, the average number of fish in a lake may depend on the average rainfall, the average temperature, the average number of fisherman, and the average amount of food, each of which in turn is affected by a number of other variables.  When we mush these all together, things tend towards a normal distribution, which lets us deal with most natural processes in a tractable way mathematically, giving us a universe in which many things of interest have well defined average values, because they're peak-y.

*Without getting too deep in the weeds, this is true assuming your distributions have both a finite mean and a finite variance.  Some power-law distributions do not have a finite variance, because they have what's called a "fat tail": basically, they don't converge to zero fast enough, so there's lots of stuff way out towards infinity.  If all your variables are like this, you're in trouble.  Luckily for us, the real world is mostly composed of things that have finite variance.

**As opposed to Ohio, which is high in the middle and round on both ends.

Wednesday, September 11, 2013

Fingerprint Scanners and Network Privacy Effects

Yesterday, I had some snark for the assertion that Apple using biometric identification in a consumer product amounted to then taking your fingerprints "against your will".  I also considered the ethical aspects of whether your neighbor's privacy choices affect yours.  But from a technical perspective, I find myself still very interested in Jacob Appelbaum's assertion that this will have an impact on overall privacy (or, specifically, his privacy) via "network effects," and found myself thinking through what this might mean.  What follows is a probably overly pedantic analysis of the idea of privacy network effects in general.

First, let's define what a "network effect" is in this context: technically, network effects of technology are ways in which the adoption of a technology by someone else makes that technology more or less valuable for me.  As an example of a positive network effect, e-mail is more valuable if more people use it, because I can reach more people using e-mail.  An example of a negative network effect is traffic or network congestion: the more people who use cars, the more traffic I have to contend with.  I think, technically, we would construe a network effect on privacy for the iPhone fingerprint scanner to be one in which adoption of the device by others reduces @ioerror's privacy if he uses the same device.  However, I think we can safely conclude that @ioerror won't be using an iPhone 5S, or if he does, he'll use a sharpie to disable the fingerprint scanner.  So, more broadly construed, we might consider network effects in which other peoples' adoption of the iPhone 5S reduces @ioerror's privacy, or even more generally, reduces the privacy of other people who don't use the phone in general.

It's important to distinguish this from simple consumer choice: there may be an overall reduction in privacy because of peoples' choice to use the iPhone 5S fingerprint scanner, but they may make that choice entirely based on considerations of convenience.  This is an important distinction because, in the absence of network effects, it means that there's effectively no moral angle to the fingerprint scanner: the very fact that a large market exists for such devices means that community standards accept such choices as valid*.

There are a few mechanisms by which we can imagine privacy network effects being propagated.  I think it's clear from context that the case that @ioerror is worried about is the normalization of biometric identification: including fingerprint scanners in phones which lots of people use will make people less more complacent about fingerprint scanners in general.  Is there evidence for this?  There are certainly a lot of cases of the public accepting lower privacy standards for specific purposes.  For instance, when TSA imposed full-body scanning at airports, a lot of people shrugged and walked through the scanners.  But, there was no obviously identifiable network effect: we didn't start to see full-body scanners replace metal detectors at federal buildings or schools (although it may be too soon to tell.)  It may be the case that there are downstream effects: have we seen a profusion of metal detectors in public places (ball games, emergency rooms, schools) in general?  Probably; I can't find statistics on this, but casual observation strongly suggests it.  Is there a case to be made that this is due to normalization of security technology into our everyday lives?  Again, very possibly.  But is that due to a network effect, or due to simply government policy and heightened media attention?  That is much harder to establish.

Perhaps a more compelling example is the profusion of sites that now let you log in using your Facebook ID instead of tracking logins on their own.  As such logins become more common, it's easier to shrug at the (very real) privacy considerations of linking your Facebook account to each additional site.  An important difference between these two cases is cost: metal detectors and full body scanners are expensive.  Software is cheap.  Which leads us to a second potential mechanism for network effects: By including such devices in their mass produced phones, Apple will effectively bring the cost of such devices down to the point where other phone manufacturers may start using them, and it may come to the point where it is difficult to buy a smart phone without one.  This, I think, is a much more easily demonstrated mechanism of network effect.  However, both are highly indirect: the adoption of the technology by party A does not directly impact party B's privacy: it's only through a very indirect set of policy, economic, and attitude changes that such effects could be propagated, and it's far from clear that these effects are even close in magnitude to the simple market demand for such devices.

Then, of course, it bears questioning: how would fingerprint scanners actually impact our privacy?  First, there's what I call The Strong Hypothesis:


The Strong Hypothesis is that the NSA will gather fingerprints en masse from iPhones and other devices, then use them to create a national database.  Six months ago I would have rated this tinfoil-hat-silly.  But, of course, the revelations of the last few weeks make a lot of us look pretty silly for thinking that way, so it's no longer possible to simply disregard that possibility out of hand.

The Weak Hypothesis is that, for instance, the FBI will be able to subpoena your fingerprints from Apple in order to compare them against fingerprints they've collected, when previously they would have had no way of getting your fingerprints short of hauling you in.  Whether or not this could happen depends a lot on how the technology is managed, and it seems more likely than not that Apple will store the fingerprint data on the device in a way that precludes remote access.  But Apple has done stupider things before, and trusting their commitment to privacy is probably not a good strategy.

So, to close the loop, a network-effects-privacy-impact might look something like this: Apple's introduction of the fingerprint reader to the iPhone 5S lowers cost and social barriers to similar devices, and we start seeing fingerprint scanners not just on phones, but on laptopscars, at the airport, and even at the gym.  Oh, wait...

*The same argument doesn't necessarily hold for things like cigarettes though: sale and consumption of cigarettes imposes externalities on people who don't consume them, in the form of second-hand smoke, and increased public healthcare costs.  Even if the sale of cigarettes is evidence that the community approves of cigarette consumption in and of itself, the effects on others have highly complicating moral effects.  This is why it's important to establish whether there are network effects in deciding whether there's a moral aspect.

Tuesday, September 10, 2013

Fingerprint Panic!

So, it sounds like the shiniest new iPhone will have a fingerprint scanner for security.  Bruce Schneier, naturally, has some interesting and relevant technical considerations which he voices, in particular, about what happens if Apple decides to store fingerprint data in the cloud.  But it seems like there should be a secure way to do this: nobody is realistically going to actually store an image of the fingerprint, not even on the phone itself.  Instead, they'll store a hash of some set of metrics derived from the fingerprint.  If you add salt to the hash, and the salt is stored on the phone, then you still need an unlocked physical device for the hash to be useful at all; the cloud-stored version is useless, just like a salted password file.

On the other end of the spectrum, there's this:



Allow me to suggest, for the paranoid, a few practical steps to be taken here to foil The Man:

  1. Don't buy an iPhone.  Problem solved.
  2. If you absolutely must play Angry Birds, turn off the fingerprint reader and use a passcode.  Better yet, use a non-numeric passcode.
  3. If you don't believe that turning off the fingerprint scanner will foil the NSA's backdoor into your phone, try using a Sharpie to color over the fingerprint scanner window.
With respect to the network effects: what do you care if someone chooses convenience over privacy?  People do it all the time, with their Safeway club card, their credit card, their choice to go through the scanner instead of get a pat-down at the airport, etc.  Privacy is a very personal decision.  Some people crave it, and it's their constitutional right which I support staunchly.  But lamenting the "network" or "societal" effects of other people choosing security, convenience, fame, or money over privacy makes you little different than a church pastor denouncing the gay lifestyle because of the effect it will have on children.  Society as a whole is constantly making decisions about their personal trade offs of privacy versus convenience, and you can always go Galt and peace out to a cabin in the woods if the unwashed masses refuse to hear your speech.  You might want to give up tweeting if you go that route though: you give up far more privacy in practical terms through Twitter, Google, and Facebook than you would from a fingerprint scanner on your phone.

Thursday, September 5, 2013

What I Did With My Summer Vacation

This was my third year attending the Burning Man festival in the Black Rock Desert in Nevada, although "attending" isn't really what you do at Burning Man; you are there to experience it.  It is a 60,000 person city that springs into existence for a week, with interactive art, events, and parties, all of which is either burned or disassembled at the end of the week.  Like a sand mandala, it will never be there in the same way again.  This year I took very few photos (if you'd like to see some incredible photos, see these by Jim Urquhart, a Reuters photographer who I met at last year's burn).  But I spent a lot of time in quiet contemplation and introspection, a lot of time meeting new people, a lot of time dancing alone and with others, and a lot of time hugging people and making new connections.  A short list of things I learned this year:

  1. Not all of the pieces of my personality are well suited for all purposes.  I can be impatient, overly solution-focused at the expense of the feelings of others, and intimidating.  I often beat myself up over these "flaws", but I realized that these are not, in fact, flaws.  Every part of my personality, my humanity, is important, is a part of who I am, and is valuable.  Sometimes, you bring some parts of your personality to bear in certain situations, and sometimes you let other parts take a back seat, because it's the best place to get you from A to B.  But that doesn't mean that those parts of your personality are bad, they're simply the wrong tools.  Next time you think that by not saying something, you're being untrue to your authentic self, ask yourself whether you're really being inauthentic, or whether you're just choosing to utilize a different skill (patience, forbearance, acceptance) rather than the one that's easiest and comes most naturally to you.  And, then, when you're out with your friends later, speak unvarnished truth, be funny, and abrasive, and a bit loony.  They love you for it.  That's why they're your friends.
  2. Solid state hardware can, in fact, succumb to dust and heat and fail in the desert, the same way things with moving parts can.
  3. Don't try to write your greatest hits anthology while you're on your second album.  Don't think about how you're going to tell your story to people while you're still in the middle of it.  Experience it mindfully and fully, and absorb it.  Let the emotion, the joy, the sadness, the frustration, the come to you, experience them without judgment, and remember them.  Wait until it's time to tell the story to put them into context.  You never know what's around the next bend that could change the whole thing.
  4. PVC is light, but it's not an excellent structural building material, and can buckle and fail easily and spectacularly under strain, especially in high heat.  Always over-engineer anything built with PVC.
  5. Open yourself to spontaneity.  As Woody Allen said, half of life is just showing up.
  6. You've got a lot of love to give.  Give freely of it, and it will come back to you in the form of joy.  At the burn, it's easy to connect with others, because people are open to the experience.  It's harder back here in Palo Alto, but less hard than you might think.
L'Shana Tova.