Category Archives: Well Duh!

Schneier Covers Newest Lost Laptop, For TSA CLEAR Program

The TSA's CLEAR program, where people can spend $100 to be "pre-screened" at airports and bypass security, took a security hit recently when a laptop (doesn't this get old?) with customer data was stolen.

Well gosh, how could they ever have seen that coming?

Anyway, Schneier covers the story and links to the TSA's response as well as taking a moment to denounce the program again along with most of what the TSA is doing for airport security. Since I've met the privacy officer for the TSA and know he knows what he's doing, the only reason I can come up with for this is that they're not listening to him when he's telling them not to put this kind of data on laptops unencrypted.

Update 8/7/08 – Looks like they found it.

If You’re Sad to See Bush Go, Vote McCain!

McCain is cut from the same cloth as our great friend, President George W. Bush. He too would support warrantless wiretaps and telco immunity.

Best of all, he's of the same philosophy that the President can do whatever he damn well pleases during a "time of war" which is funny since we're conveniently in a "War on Terror" that's sure to end as quickly and decisively as the "War on Drugs".

The Article II citation is key, since it refers to President Bush's longstanding arguments that the president has nearly unlimited powers during a time of war. The administration's analysis went so far as to say the Fourth Amendment did not apply inside the United States in the fight against terrorism, in one legal opinion from 2001.

That would be just great. Yeah… Let's have a president that continues the vicious downward spiral of American stability, freedom, and public opinion… Let's do that.

Consumers Choose Vista over XP…. NOT!

Ars Technica, usually a good resource for information, ran this bonehead article today about how, despite the bad press, consumers are choosing Vista over XP.

Fact: Most (if not all) in-store computers are pre-installed with Windows Vista
Fact: Most standard consumers don't build their own computers

Therefore, if a normal person goes to a store to buy a computer, and all of their options are Windows Vista, Windows Vista, or, gosh maybe I'll take, Windows Vista, it follows that they'll "choose" Windows Vista. Dur

Last I checked, lack of options doesn't mean that they made any choice at all. Besides, most normal computer users would automatically assume that the newest version of an operating system is the best option because it normally is. Unless they've studied the news and/or read sites like this one, they wouldn't know to steer clear.

So… My point is that the Ars article says absolutely nothing of value. Even if it were true that people were "choosing" Vista, it wouldn't mean anything.

Cardexchange? I Don’t Think So

So there's a new website that allows people to exchange their loyalty cards with strangers so you "defeat" the tracking and profiling that stores do on you. Unless I'm missing something, this is a pretty dumb idea. Here's the e-mail I sent to them:

Why not just ask for an anonymous card? Exchanging means that you'll get a bunch of ads for stuff that has no relation to you. What if you exchange with a guy who buys ingredients for a bomb or a meth lab? That might come back on you.

Even if the store won't give you an anonymous card, just use fake data.

If you're curious why store value cards and such are a bad idea, see Nocards.org for details.

(H/T to Consumerist.com for the link)

A Blurb About Manhunt 2

I don't know a lot about this game other than it's very violent and has been banned from the UK. Reading about it doesn't make it any better:

“In Manhunt 2, players can mutilate their enemies with an axe; saw their skulls in half; castrate them with a pair of pliers; or kill them by bashing their head into an electrical box, where a power surge eventually blows their head apart,” the letter charges. “On the Nintendo Wii, players will actually act out the violence. One review of the game describes using a saw blade to "cut upward into a foe's groin and buttocks, motioning forward and backward with the Wii remote as you go."”

Wow, you couldn't make it more real if you tried. Parental groups in the US aren't necessarily determined to ban it and would be satisfied with just giving it an Adult rating. While this is a completely reasonable request and, as far as I'm concerned, a blatantly obvious decision, Take-Two (the game's producer) is fighting this for purely monetary reasons:

An Adults Only rating, however, could be a death blow to the game, since Nintendo and Sony, maker of the PlayStation platform, currently have policies that bar AO-rated games for their systems. That would limit sales for use only on personal computers.

Criminal Probe at FBI Over Patriot Act Violations

The Patriot Act should never have been passed. We all saw the potential for abuse, but our "trust us" government assured us that it would never happen. Yeah, right.

Now that the inevitable abuses have come to light, it would be nice if someone would face some consequences for a change. Like maybe Alberto Gonzales, who lied to Congress saying that there were no abuses during the hearing for the reauthorization of the Patriot Act.

(H/T to Slashdot for the link)

AT&T Plans to Filter Copyrighted Files In Transit

AT&T (a.k.a. the evil empire that won't die) is going to start filtering Internet traffic to remove copyrighted material in transit.

Fortunately, there's no chance this will work for long. First, there's the SET technology for filesharing that uses generic chunks from files unrelated to copyrighted material to speed up sharing. If this gets implemented, not only will it improve filesharing speeds and allow people to finish files that have lost their seeders/sources, but it will prevent AT&T from filtering copyrighted material without blocking legitimate shares as well.

Secondly, it won't be long until filesharing networks introduce quick encryption that scrambles packets randomly using an IP address, so the chunks of data won't be recognized by AT&T's filters. I'm sure there are plenty of other techniques as well, but one thing's for certain: even honest non-hackers and non-sharers are still rooting against the copyright holders and AT&T.

I mean, come on! The article says the copyright companies lost billions of dollars due to filesharing? All they're doing is talking about the value of the files they know have been shared without taking into account that many of the people who are downloading these files would never have bought them in the first place! They're not losing money they would have had, they're losing money they never would have had.

As the article itself says, the RIAA and MPAA should just focus their money and resources in finding ways to turn downloaders into honest customers (perhaps cutting prices? Offering slick downloadable options? Removing all DRM so people can do what they want with it?)

(H/T to Slashdot for the link)

Bush Can’t Hold You Forever Without a Trial

One of the scariest developments of the Bush reign was the power to take any citizen, declare them an enemy combatant, and jail them indefinitely with no trial or evidence. That practice has been recently (finally) overturned.

"To sanction such presidential authority to order the military to seize and indefinitely detain civilians . . . would have disastrous consequences for the constitution — and the country," U.S. Circuit Judge Diana Gribbon Motz wrote for the majority.

Let me say this again, no one cares about terrorists and whether they're held forever, tortured or whatever to protect innocent people. The problem is that Bush has declared that he alone gets to decide who the terrorists are and what laws to follow and which to ignore.

Fortunately, even though Congress won't stand up to him, the courts are, little by little. Thank the founders for coming up with three branches instead of just two.

Gore Attacks Bush in New Book

From ABC news:

He doesn't assail any Democrats by name. Bush, however, he names. Over and over.

While Gore stops short of flatly calling for the impeachment of Bush and Vice President Dick Cheney, he certainly gives the impression that in his view such a move would be well deserved. He calls the president a lawbreaker, a liar and a man with the blood of thousands of innocent lives on his hands.

Wow. If Gore had appeared to have this kind of independent thought long ago, the election might have gone differently. I do fault him for being a coward like every other politician in not calling for impeachment.

How exactly are you being a responsible non-politician if you call him a lawbreaker but don't flat out say he needs to be impeached and NOW?

(H/T to Digg.com for the link)

The Quick-Read Guide to the Credit Card Act of 2007

This has promise. Apparently, the Credit Card Act of 2007 will ban some of the less consumer friendly practices of credit card companies.

Here are some of the provisions and what I think they mean:

SEC. 101. PRIOR NOTICE OF RATE INCREASES REQUIRED
Not only do they have to give you advance warning that your rate will increase, but they can only apply the increase to balances that you add after the date of the increase. That means the new rate doesn't apply to your old debt.

Well duh. I can't believe they get away with this now.

SEC. 102. FREEZE ON INTEREST RATE TERMS AND FEES ON CANCELED CARDS
If the terms, fees, or interest rate is going to change, you can cancel the card and keep the rates and terms from before the change. In other words, you can't be forced into new terms just because you have an outstanding balance.

My friend called me last night (literally) to ask me about this very question. I guess if there's a law in the works to "fix" this, then it's definitely broken now. I told him his only chance was to transfer the balance to a new card and I guess I was right (for now).

SEC. 103. LIMITS ON CHARGES OR FEES FOR TIMELY PAYMENTS OR NON-USE
You can't be charged a fee for paying more than the minimum balance. You can't be charged for paying the card off. You can't be charged for not using the card.

Holy Guano Batman! There are companies that do this?

SEC. 104. PROHIBITION ON OVER-THE-LIMIT FEES FOR CREDITOR-APPROVED TRANSACTIONS
You can't be charged a fee for going over your limit when it was a transaction the credit card company approved.

Because they approved you after all.

SEC. 105. PROHIBITION ON UNIVERSAL DEFAULTS
This limits the ability of the credit company to raise your rates based on your credit score.

This doesn't actually prevent it entirely, but it requires that if they do, they have to make it extremely clear in the agreement before you get the credit.

SEC. 201. PAYOFF TIMING DISCLOSURES
and
SEC. 202. REQUIREMENTS RELATING TO LATE PAYMENT DEADLINES AND PENALTIES

These both have to do with being clear about the timing of your payoff balance and fees. This happened to me where I paid a card off completely only to find they charged the interest just before the payment hit thus leaving me a tiny balance to discover later. Bastids.

SEC. 301. EXTENSIONS OF CREDIT TO UNDERAGE CONSUMERS
You can't give credit to minors unless there's parental permission, the minor shows the means to pay the debt themselves, and they have a certification of having attended a consumer credit counseling session PRIOR to taking the debt.

This one's a bit of a rub. Minors can already walk away from any debt because you can't enter into a contract with anyone under 18 anyway. I'm not certain that this changes anything other than for minors who don't realize they can tell the credit company to shove off if that company is stupid enough to give them credit in the first place.

Summary

That's most of the really important stuff anyway. The Consumerist has a link to an online form that will help you tell your congressmembers to support this so be sure to head over there for it.

House Reaffirms FISA

So the House has confirmed that FISA is the ONLY way that surveillance can be secretly done in the US. Um… duh?

Is there anyone that understands this whole mess? Bush breaks the law along with the telecommunication companies. He gets away with it because no one seems willing to challenge him. He tries as hard as he can to get immunity for the telcos too.

Congress has repeatedly rejected all attempts to circumvent FISA in new bills, but even if they HAD passed a new law, Bush is still guilty of violating the first one! I just don't get it.

Brain-dead Teachers Freak Students Out With Fake Gun Attack

Someone actually thought this was a good idea? How stupid do you have to be?

Staff members of an elementary school staged a fictitious gun attack on students during a class trip, telling them it was not a drill as the children cried and hid under tables.

"The children were in that room in the dark, begging for their lives, because they thought there was someone with a gun after them," said Brandy Cole, whose son went on the trip.

……………………hmm…………….. well,……………… What do you say to this?

These teachers are damned lucky they didn't do it in my kid's school.

Yeah. That'll work.

(H/T to Slashdot for the link)

Update: Here's a link to the school's press release on the topic. Their account of what happened is completely opposite of what was reported on CNN.

Most of the students stood up and said, "That was a good one." "Yeah, you got me." High fives were exchanged.

Either the school is totally downplaying this or CNN has got some serious problems with their accuracy. Either way, if even one child was crying and taking this too seriously, the "prank" should have ended. I still think it shouldn't have happened in the first place and I'll just go back to what I said before: it's a lucky thing for them it didn't happen at my kid's school. I would have been in the principal's office the same day.

But something about this press release bothers me and apparently I'm not the only one:

"The children went to sleep and did not discuss it the following morning."

The absurdity of that statement is staggering. They are trying to convince people that in a class of over 60 students, after teachers pulled a 'prank', that not one of these ~60 students said anything about it the next day? Not one of them teased another one about falling for the 'joke'? Really? Not one?

The person who posted this comment on the Slashdot forums is right on.

A Good Article About Data Brokering

Data Brokering (what I refer to as data rape) is the practice of buying and assembling personal information and then reselling it. As opposed to credit reporting companies, these people collect everything they can about you. Companies like Amazon.com and ChoicePoint, for example.

James Derrell White, 41, who happens to live in Alpharetta, Ga., where ChoicePoint is based, was denied a job with Home Depot this year because data provided by ChoicePoint incorrectly identified him as a felon. "We thought we were in a bad dream," says Julie White, James' wife.

Data Rapists (I mean brokers) have very little regulation which is what leads to problems like these.

"No matter how good any company's attitudes toward privacy, there are too many players in the (data-collecting) industry — too many intricate parts when it comes to privacy issues — to expect self-regulation to effectively deal with the problems," Solove says.

Hear, hear! We need laws and we need laws now.

This story provides some good background information on the issue.

Congress to Tackle E-Voting Overhaul

So they're finally going to try and do something about the e-voting disaster.

HR 811 features several requirements that will warm the hearts of geek activists. It bans the use of computerized voting machines that lack a voter-verified paper trail. It mandates that the paper records be the authoritative source in any recounts, and requires prominent notices reminding voters to double-check the paper record before leaving the polling place. It mandates automatic audits of at least three percent of all votes cast to detect discrepancies between the paper and electronic records. It bans voting machines that contain wireless networking hardware and prohibits connecting voting machines to the Internet. Finally, it requires that the source code for e-voting machines be made publicly available.

Holly Clap! There's not one thing in there that's wrong! If they actually implemented all those provisions, e-voting might actually work!

The proposal wasn't without its detractors, however. Several state election officials testified about the practical challenges of implementing the new requirements. Chris Nelson, South Dakota's secretary of state, warned that many of the requirements in the legislation would conflict with the states' own election procedures.

Oh BOO HOO HOO! Cry me a freaking river. "Oh it's too HARD to implement security! We need to have less restrictions so we can do this cheaper!" Idiots.

The law allows flexibility in how some of the auditing is done as long as it's NIST approved, and the states always have the option of keeping the current optical methods if they decide that the regulations for e-voting are too strict or too expensive to implement at this time.

Of course, this almost sounds too good to be true. I'll have to read the law later, but I'm betting it has some terrible hidden catch like it legalizes eating little puppies or provides millions of pork dollars for human RFID implantations.

Update: It looks like the guys over at Slashdot feel the same way I do.

Washington State Dumb as Dirt – Uses RFID in Licenses

In an act of supreme stupidity and ignorance, Washington state has passed a law allowing residents to purchase an "alternative" driver's license that could be used in lieu of a passport at the Canadian border.

Citing the 9/11 Commission's support for more secure documentation for U.S. entry, Chertoff pointed out that U.S. Customs and Border Protection agents currently must look at more than 8,000 different forms of identification, whether birth certificates, driver's licenses or other documents.

So their answer to the problem?

The alternative license will contain a Radio Frequency Identification chip, commonly known as RFID, which the guard booths will use to scan the license as a traveler or trucker pulls up to the booth. U.S. passports issued since late 2006 already contain RFID chips.

They're going to offer a license that has no shielded cover like passports do, which border guards will now just nonchalantly swipe across a reader rather than take the time to inspect. Brilliant. Maybe next, they can just put the readers out for the people in the vehicle to use, making it even more convenient. That way, the criminals wouldn't have to bother changing the photo on the ID since no one would be looking anyway.

You'd think no one in Washington has been keeping up with the news about RFID passports.

Presidential Privacy Board Clears The President of Wrong-Doing – Go Figure

In a move that's sure to shock every child under the age of 6, Bush's privacy board cleared him of any privacy invasion.

Civil liberties groups who've advocated that the board be separated from the executive branch and given real subpoena power are unlikely to be satisfied with the board's findings. Congressional Democrats have already expressed disdain for the new report, and they're moving to strengthen the board's oversight capabilities.

Of course, if the people on the board are loyal to Bush then they'll have to be replaced as well or separation won't matter.