EKR: August 2006 Archives

Mass. Gov Mitt Romney:

BOSTON (Reuters) - Massachusetts Gov. Mitt Romney, a 2008 Republican presidential hopeful, said on Thursday his administration's new restrictions on stem cell research are aimed at heading off an "Orwellian" future.

The state's Department of Public Health this week issued regulations banning the creation of embryos for research purposes.

Scientists say stem cell research could lead to breakthroughs in treatments for diseases including cancer. But the issue has become ethically and politically volatile because extracting the cells entails destruction of an embryo.

"I believe it crosses a very bright moral line to take sperm and eggs in the laboratory and start creating human life," Romney told reporters. "It is Orwellian in its scope. In laboratories you could have trays of new embryos being created."

It's been a while since I read 1984, but I don't remember embryonic stem cell research featuring prominently in the list of horrors to which the people of Oceania were subject. I guess we're now at the point where "Orwellian" just means "very bad indeed" (as Cordwainer Smith once wrote about "un-British").

It's also worth noting that we passed the "bright moral line" where we "take sperm and eggs in the laboratory and start creating human life" almost 30 years ago.

Wharton professor emeritus L. Scott Ward was arrested after being caught with child pornography on his laptop at a border stop (þ Orin Kerr):

Ward, 63, was arrested Sunday after arriving at Washington's Dulles airport on a flight from Brazil, federal authorities said. He drew the attention of federal agents because of his unusual number of trips to Thailand, a destination for people seeking sex with minors, according to an affidavit released Monday.

Agents examined his laptop computer and found a video showing two children who looked to be as young as 8 engaged in sexual activity, authorities alleged in the affidavit. Agents also found video recordings of Ward involved in sex acts with boys who look to be about 14 to 16, the affidavit said.

I have no useful opinion on whether customs agents legally can search your laptop (Kerr seems to think they can) but it doesn't seem like a very useful practice for catching any serious smugglers. First, the amount of storage that still photographs and even video consume is relatively small in the grand scheme of things. Anyone who is serious about smuggling them into the country can easily hide the media somewhere other than their laptop. Even hiding it on an iPod would be pretty good, but you can hide solid state storage lots of places. Second, given that you have a mass storage device (laptop), iPod, etc. it's trivial to hide the data in ways that only a real expert inspection could find, for instance on unused sectors on the hard drive. And, of course, you can encrypt it. Finally, you can just bypass the physical storage entirely and encrypt it and transmit it into the country electronically.

Of course, that doesn't mean that you can't catch people who are unsophisticated, but those people aren't primarily smugglers. More likely they're people who ordinarily have contraband (for instance they downloaded it when they were in the US) and haven't bothered to clean it off their laptops.

I'm of course gratified that Plan B was approved for OTC use. I've been bitching about this for years, but luckily it's only been approved for women over 18 so I'll still be able to complain about it. That said, it's not clear it will have that big an impact on pregnancy rates. Raine et al.'s study in JAMA 2005 found no significant difference in unwanted pregnancy rates between women with "advance access" to emergency contraception and those who got it only via prescription. (Note: I haven't read the paper, just the abstract.)

The TSA has changed their rules again. Here's what's allowed now:

• Small amounts of Baby formula and breast milk if a baby or small child is traveling
• Liquid prescription medicine with a name that matches the passengers ticket
• Up to 5 oz. (148ml) of liquid or gel low blood sugar treatment
• Up to 4 oz. of essential non-prescription liquid medications including saline solution, eye care products and KY jelly
• Gel-filled bras and similar prostethics
• Gel-filled wheelchair cushions
• Life support and life sustaining liquids such as bone marrow, blood products, and transplant organs carried for medical reasons

Cause clearly nobody could ever put explosives in a saline container.

This is a balancing problem on two levels. Superficially, it's a simple security/convenience tradeoff. TSA would like you not to be able to bring anything on the plane but travellers won't stand for being deprived of their eye drops, K-Y (!) and wonderbras, so they have to make exceptions. However, the problem is that the list is now so long that it shouldn't be that hard to sneak your explosives in as one of the permitted items.

More important, though, is the higher level, which isn't a security/convenience tradeoff but rather an appearance of security/tradeoff. Since as a practical matter almost no screening methodology will work, the trick for the TSA is to find the level of incovenience that makes people feel like they're trying but aren't so annoyed they want TSA to scrap the entire program. I'd be very interested to know what decision procedure led to yes on K-Y but no on toothpaste.

Steorn's full-page ad in the Economist inviting scientists to test their perpetual motion machine has unsurprisingly created a lot of buzz (that was the point, right?) Of course, the probability that their device actually does what they say it does is vanishingly small, especially since they provide no hint as to what the new physics that might enable it to work is might be. (See their uninformative video here). Apparently a bunch of anti-counterfeiting guys just happened to blindly stumble on whatever the underlying principle is.

Anyway, if you really have a perpetual motion machine that puts out any appreciable amount of power, why bother to set up some long complicated testing process. Just set yourself up as a power company and sell power onto the electrical grid. Since the fact that you're emitting power (however generated) is easily verifiable, nobody has to believe your technology works, though presumably they will when your audited financial statements pass a billion or so.

Now, that said, it could be the case that your technology only generates a very small amount of excess power, but then doesn't it seem more likely your problem is measurement error rather than new physics?

Words fail me. (þ Reason).

Apparently feeling threatened by VoIP, AT&T is running radio ads pointing out that POTS phones are powered by the phone network and so continue to function even if you lose electrical power (except, of course, for cordless phones, which generally require wall power, sometimes with short-term battery backup.) By contrast, VoIP phones nearly always need wall power--especially if you're using a computer-based softphone--and your router almost certainly does. (You may remember this same argument being advanced for why TPC wouldn't sell you ISDN as your only phone.)

Of course, if you have a cell phone, this won't be that relevant to you, since the cell providers generally have backup generators [*] and modern cell phones have multi-day batteries, so you can survive a modestly extended blackout. (Cell phones often experience service disruptions during power emergencies, but that's a system overload issue not a power issue. As more people use cell phones as a primary communication device, expect the systems to get better at handling load.)

What's most interesting here is that it's an indication of how threatened AT&T feels by VoIP. Based on this ad, I'd expect to see ads about problems with VoIP and 911 service sometime in the near future.

As I stated earlier, it's a matter of near-total indifference to me whether people regard Pluto as a planet or not, nevertheless the proposed changes strike me as fairly confused. Let's recap. It's not really possible to draw a non-arbitrary-seeming dividing line between planets and non-planets that includes Pluto but doesn't bring in a bunch of other objects. This leaves us with three options:

• Stick with the arbitrary traditional definition.
• Pick a non-arbitrary definition that makes Pluto a non-planet. For some (irrational) reason, whenever it's suggested that we to this, some people get really upset.
• Pick a non-arbitrary definition that makes Pluto--and a bunch of other objects--planets.

Of course none of these options are really that satisfactory, and the third option--the one the IAU has chosen--matches the traditional definition pretty badly. Really, though, there's no reason why we can't have a technical definition of a term that doesn't match the colloquial definition (think of the economist's use of the term demand or the persistent confusion over the meaning of theory, as in the "theory of evolution".) Alternatively, we can just invent a separate term with a specific technical meaning, thus minimizing confusion. But insisting that the colloquial terms have well-defined meanings doesn't really produce that great results, as we're seeing in this case.

The Afghan government's attempt to suppress opium production isn't exactly a raging success:

United Nations drug officials say the new Afghan Government has largely failed in its efforts to eradicate the opium poppy crop.

A UN spokesman, Hector Maletta, said a government campaign, launched in April, had had a very limited impact.

The announcement confirms reports earlier this year that hardly any opium poppies had been destroyed despite government assurances.

...

The interim government of President Hamiz Karzai banned the production in January this year but, according to the UN report, most of this year's opium crop had been already planted by then.

Three months later, the authorities announced an eradication programme.

The government said the farmers would be paid compensation of $1,250 per hectare for destroying their crops.

But the UN says this was only a fraction of the estimated $16,000 per hectare of gross income which a farmer can earn.

This seems like a program with some fairly obvious flaws. First, if you're going to ask people to give you a 90+% discount, it's not surprising you don't get a lot of takers, especially when you have only limited power to make them take the deal. Second, paying people to destroy their crops seems like an invitation for them to pretend that they've done it when they haven't really.

Of course, there's an alternative approach that might meet with some success: rather than destroying the crops, buy the opium crop directly and destroy it. I've seen estimates for the value of the crop in the 1-3 billion range, which really isn't that much money in the grand scheme of things. If you pay for the crop directly, you don't have to bother to send troops out to destroy the fields--or even verify they've been destroyed--since the producers will bring it to you. Moreover, it's easy to detect cheating by doing quality control on the delivered product. Then once you have it you simply destroy it. Plus, you're pumping money into the Afghan economy.

One problem, is that farmers may try to expand production and sell opium to the warlords anyway, but providing an unlimited market and making it illegal to sell to anyone but the government ought to mostly suppress that. Another problem is that as with farm price supports in developing countries, there's the obvious problem of how to transition away from a supported economy, but that problem would be a lot easier to solve in an environment where the country isn't mostly controlled by narcotics-trafficking warlords, so it's probably something we can defer to 10 or 20 years in the future.

District Court Judge Anna Diggs Taylor has just enjoined the NSA's domestic wiretap program (opinion here) (þ TPM). I've just skimmed it, but some things jump out:

• The opinion explicitly considers and mostly rejects the state secrets defense. At least part of the basis for this is that the existence of the program is already public knowledge.
• The state secret defense privilege is allowed in the specific data mining claim where the plaintiffs wanted to do discovery.
• The opinion is grounded explicitly in the First and Fourth Amendments, so it's not entirely clear that this could be remedied by legislation. At minimum, such legislation would itself need to undergo review.
• The "inherent powers" defense was also rejected.

I'm not making any claims about the correctness of this decision one way or the other. I'm not a lawyer and I haven't had time to study it. Moreover, obviously one should expect the government to appeal this.

Google News has 800+ articles on the question of whether or not the IAU is going to demote Pluto from planet to asteroid. Apparently they've decided to upgrade three other objects instead:

Among the chosen few within the solar system would be not only Pluto, whose status has been challenged in recent years, but also Ceres, the largest asteroid; 2003 UB313, nicknamed Xena, an object discovered by Dr. Brown in 2005 orbiting far beyond Pluto in the outer solar system; and even Plutos largest moon, Charon.

In addition, at least a dozen more solar system objects are waiting in the wings for more data to see if they fit the new definition of planethood, which is that an object be massive enough that gravity has formed it into a sphere and that it circles a star and not some other planet.

The definition, they said, would apply both inside and outside the solar system.

The new definition was to be announced today in Prague, where some 2,500 astronomers are meeting in the triannual assembly of the International Astronomical Union. It is the work of the groups Planet Definition Committee, whose chairman is Owen Gingerich, a Harvard astronomer. The astronomers will vote on the definition on Aug. 25.

In a statement, Dr. Gingerich said this might not be the last word on what a planet is. Science is an active enterprise, he said, constantly bringing new surprises.

Maybe I'm missing something important here, but this seems to be a pretty clear case of map/territory confusion. As I understand it, we basically agree on the characteristics of Pluto and Charon, the question is just whether we call them planets or not. Does this affect anything? I mean, it's not like people on Charon are suddenly going to be the recipients of federal aid because Charon is now a planet. And how does the rest of the Kuiper Belt feel about it?

For that matter, what's this stuff about science being an active enterprise. Exactly what scientific discoveries would lead us to decide whether being round is part of the definition of being planet?

Here's (some of) TSA's current policy.

Beverages purchased in the sterile area must be consumed before boarding because they will not be permitted onboard the aircraft.

It's unclear what threats this is intended to address. Either you believe that it's possible to get contraband into the sterile area or you don't. If the sterile area isn't actually sterile, then you need to screen people again between the sterile area and the aircraft, because terrorists aren't exactly likely to obey your policy about discarding their liquid explosives.

On the other hand, if you believe that the sterile area is sterile, then it's hard to see what purpose is served by forbidding people from bringing liquids brought there onto the plane. It's arguable that you'd like to limit the number of liquids on the plane in order to make terrorists who have brought their own liquids on the plane conspicuous. But since it's fairly straightforward to keep your liquids in your bag and then mix them in the lavatory, I'm skeptical that this adds a lot of value.

Via my friend Don, here's Hitachi's "Noises that indicate a defective drive". If you hear these sounds, you better start hope you've taken some backups.

I wanted to elaborate on a point I made in the previous post:

Of course, all this assumes that ... (2) stop people from bringing them on their person through the magnetometer

Although carry-on luggage is x-rayed, in most cases the only screening that your body is subject to is the magnetometer--which only detects modest amounts of metal--and a visual screen for bulky items. Remember that 500 cubic centimeters of C-4 (less than a kilogram) is plenty to blow up a plane. An amount like this is easily hidden on your person (strapped to your inner thigh, in a wonderbra, etc.) Even larger amounts can be concealed with prosthetic bellies, fat suits, etc. So, it's not clear that as a practical matter you can stop people from bringing this kind of material onto a plane on their person without substantially better detection technology (e.g., millimeter wave radar) or much more aggressive personal searches.

In response to a British airplane terrorism plot which reputedly involved liquid explosives, the TSA has adopted some new screening procedures:

NO LIQUIDS OR GELS OF ANY KIND WILL BE PERMITTED IN CARRY-ON BAGGAGE. ITEMS MUST BE IN CHECKED BAGGAGE. This includes all beverages, shampoo, suntan lotion, creams, tooth paste, hair gel, and other items of similar consistency.

Note that you're allowed to bring this stuff in your checked luggage, just not in your carry on. Does this make any sense? As usual, we need to consider the threat model.

There are (at least) two reasons why checked luggage might be different from carry-on. The first is that there's a difference in terms of the level of possible screening. Checked luggage is in the possession of the airline for quite some time and so could in theory be subjected to more substantial analysis (e.g., neutron activation explosive scanning) than is routinely done for carry-on baggage (which is merely x-rayed). A related issue is that anything on your person just gets carried through the magnetometer, not x-rayed. Sometimes you get subjected to some kind of trace analysis, which basically doesn't work.

The second reason is that you have access to your carry-on while you're on the aircraft. Since setting off any bomb on an airplane in flight pretty much means you're going to die, this eliminates the inconvenience of having to have any kind of automatic detonation system. You just need something you can set off manually, which tends to be a bit easier to hide, especially on x-ray. That said, I've been thinking a bit about how to do undetectable automatic detonators and I don't think it's that hard.

Of course, all this assumes that (1) you can produce an accurate inventory of the kinds of items that need to go through extra screening/be checked (2) stop people from bringing them on their person through the magnetometer (3) you actually have the capability to detect explosives in checked luggage. I'm pretty skeptical that all these obtain, especially (1) and (2). In particular, as Perry Metzger has pointed out it's fairly easy to make explosives look like commercial materials.

None of this is to say that this sort of restriction isn't useful as a temporary measure. If you know that some criminal drives a white car, you look for people in white cars, even though you know that eventually he'll switch to another color. However, it does mean that the restrictions should probably be temporary and that once the terrorists have had time to adapt their tactics the cost/benefit tradeoff will probably reverse.

Lukas Grunwald's demonstration at Black Hat that RFID passports are clonable is getting plenty of press. Really, this isn't at all a surprising result; it was apparent as soon as you understood how the system was constructed.

It's useful to start from first principles and ask what the threat model for a system like this is. When you show up at Immigration with your passport, the inspector wants to know that:

1. There's a person with some set of attributes (citizenship, criminal record or lack thereof, etc.)
2. That that's the person standing in front of them.

Now, in the case of physical passports, these security properties are ensured via the following features (hopefully):

1. Convincing passports are hard to manufacture.
2. Passports are hard to alter without leaving evidence
3. There's a backend database which you can look up from the passport number.
4. Passports contain biometric information (photographs for current generation passports) which the inspector can match to the person in front of them.

Features 1-3 correspond roughly to our first goal. They bind the user's identity and attributes to the physical passport. The biometric matches the second goal, binding the physical person to the passport. Putting these together allows you to bind the physical person to the back-end attributes, which is what you want if you are trying to decide whether to let someone into the country.

Now let's talk about electronic passports. The natural design, and the one that seems to be being used here is to have the passport be effectively a digital certificate: a biometric, a record locator, some attributes, all signed by some national CA (i.e., the US state department). The inspector scans the passport, his terminal verifies the digital signature and displays the biometric which somehow gets verified against the user. If the biometric is a photograph, then this comparison is typically done manually. If it's something else like a fingerprint or an irisprint, then it's done automatically.

In an ideal world, this system works perfectly well. There's no need to conceal the information on the passport because the only person who can use it is the person with the right physical characteristics--i.e., the passport holder. So, even if you have a copy of the passport it's no good to you if you're not the right person.¹ Unfortunately, we don't live in an ideal world.

The first problem is that this absolutely depends on using the signed biometric, not the one printed on the passport. Otherwise, you're just using the physical document again. Thus, in order to get the security of the electronic passport, you need to have a pretty substantial scanner—one with a big enough video screen to compare to people's faces. At some level, it would be better if the passports were blank so you had to use the scanner. (Consider what you do if you can't get the scanner to work... We badly need a human factors stufy here.)

The second problem is that the biometric comparisons aren't very good. People's ability to match faces to photographs is better than computer's but it's still not very good, especially when the photos are up to 10 years old and the verifier is in a a rush, which they often are. In the case of physical passports, the (alleged) difficulty in manufacturing a totally new passport provides a kind of defense in depth: whoever is being admitted needs to have a passport, even if it's not theirs. Obviously, however, this situation doesn't obtain if the passport is all electronic and the data is easily copied.

This brings us back to Grunwald's attack. The new RFID passports contain a signed biometric stored in an RFID chip. When the chip is read it just returns the stored value. Obviously, if you can capture that signal then it's not particularly hard to make a second device that generates the same signal (what's called a replay attack). The only question here is whether that device can be made from commodity components or whether you'd have to custom-build it Grunwald's work shows that you can build it from commodity components. But the general feasibility of this attack has been well known for a long time.

There are, of course, ways to prevent a replay attack. The standard technique is to make the authenticator do something dynamic. For instance, you could make the data stored in the passport chip include a public key--i.e., be a certificate. The reader would provide the passport with a challenge, which the passport signs. At this point, capturing a single response doesn't do the attacker any good because you can't sign a new challenge. Of course, you can still clone a passport if you have physical possession and extract the key (there are hardening techniques, but none secure enough to stop a dedicated attacker and economical enough to use on every passport). You can't do it merely from observing its communications.

The major drawback of this scheme is that it requires doing some processing on the passport, which the current scheme does not. That may be a dealbreaker--my impression is that current RFID tokens can't do any significant amount of processing, and probably not enough to do a public key operation.² As far as I know, however, there's no scheme which isn't sensitive to replay attacks which doesn't involve doing some processing on the token.

^1. There's a direct analogy to public key certificates, which also don't need to be kept secret.
^2. It's possible you could use a symmetric key printed on the passport and then use a MAC rather than a signature. The drawback of this is that you can't remote read securely. On the other hand, if you only want to do remote read for tracking but local read for authentication...

It's worth reading Orin Kerr's analysis of Specter's FISA Bill. Key passage:

This explicit incorporation of Fourth Amendment law as the sole test of the statute is troubling, I think, because the Fourth Amendment standards for electronic surveillance are tremendously murky right now. For example, courts have held that you don't have a reasonable expectation of privacy in calls to or from cordless phones, and they have used reasoning that would also appear to apply as well to cell phone calls. (You have statutory privacy protection, which is much stronger than constitutional protection, but not constitutional protections.) If you don't have a reasonable expectation of privacy in your cell phone calls, which those cases suggest is the case, Specter's bill would mean that the NSA can tap every cell phone in the country of every US citizen, for entirely domestic calls, all without a warrant. This monitoring wouldn't be "electronic surveillance" because (based on the cordless phone cases) the Fourth Amendment doesn't apply.

Similarly, right now it's really uncertain whether one can have a reasonable expectation of privacy in your e-mail, and if so, when such protection exists. (Again, there is statutory protection, but constitutional protection is really uncertain.) Some scholars suggest that there is such protection, others suggest there isn't; as a matter of doctrine, the answer is essentially unknown. But if the statutory standard hinges on constitutional protection, and it may be that there isn't any constitutional protection at all, then t may be that there is no statutory protection either. And since the government's applications are secret, we wouldn't know it.

Of course, e-mail isn't the only kind of Internet communications and it's not any clearer that you have an expectation to privacy for your VoIP, IM, or Web traffic. This is a particularly interesting question for VoIP, since you can call somebody on their landline phone from your ordinary POTS phone and have it transition to VoIP somewhere in the middle. What's your expectation of privacy there?

From The One Percent Doctrine:

KSM's two children, a seven-year-old boy and a nine-year-old girl, were als in US custody, picked up when the Karachi safe house had been raided the previous September. From Langley, a message was passed to the interrogators at a secret detention center in Thailand, where KSM was being held: do whatever's necessary.

According to several former CIA officials interrogators told KSM his children would be hurt if he didn't cooperate. The response, said, one CIA manager with knowledge of the incident: "He basically said, so, fine, they'll join Allah in a better place."

The traditional models of debriefing, used by both FBI and CIA, involved the building of a relationship, no matter how long and arduous a process. It's the need for some human contact, some basic comfort, rather than simple the bottomless human fear, which ultimately triumphs. The captive's previous life starts to fade and is slowly replaced by one constructed, often ingeniously, by his captors. This method, which the FBI still recommends, by his captors. That's the gamble. Once you do something as horrific as threaten someone's children, and it doesn't work—there's nowhere else to go.

Outstanding!

So, you're a famous athlete in a sport with a big doping problem. Like a lot of other athletes, you've decided that a little testosterone might improve your performance. Unfortunately, the T/E ratio on your A sample has just come back positive, which isn't a good sign. Actually getting censured is a multistage, so, what can you do in the meantime? Your general strategic options look something like this:

1. Admit guilt.
2. Claim experimental error and that the B sample test will vindicate you.
3. Claim that yes, you have a very high testosterone level but it's endogenous and that the isotope test will clear you (similar arguments are possible for EPO).
4. Claim that the tests are inherently bogus.
5. Admit that the testosterone levels are high and exogenous, but that you have no idea how it happened.

For what it's worth Floyd Landis's defense was roughly #3.

So, what's your best strategy? #2 and #3 only make sense if you actually expect the tests to clear you. Otherwise, you end up with shifting rationales and this makes you look guilty. If you know you're doping, it seems pretty unlikely that the A sample result is experimental error, so it's also pretty likely that the B sample will come up with high testosterone levels. So, this rules out #2. #3 is not a bad choice, since as I understand it the isotope test isn't that reliable and you might get lucky and happen to be consuming foods with an isotope ratio not that different from the one in the testosterone you were taking.

On the other hand, you might get unlucky and then you either end up having to fall back to #4 or #5. At some level these are variants of the same strategy: "I know i'm not a cheater so something else must be wrong." On the other hand, they have different objectives: #4 is targeted at your public image, since you're claiming that you actually earned your results and that the tests are wrong. #5 is targeted mostly at getting off, since after all you were doping, you just didn't do it intentionally, so you can't be blamed for it--but you didn't earn your results. This might earn you a lighter suspension, I suppose.

And of course admitting guilt is always an option, but one that's best done right away, without further denials, since otherwise you look like both a cheat and a liar....

Aaron Falk pointed me to my new look:

Here's the translation of the text underneath:

The man, us dini Mueter brought and to Polo´s kiosk RWS PSE, announces with double album his candidate shank on the throne HipHop Helvetias. The king is dead,it lives the king or in Zürislang briefly: Dunne with em King. And that is EKi clearly - in all languages and speeds, with massively Styles and Style he crowns like once Napoleon and gives themselves also equal the Huldigungen.

...

The fact that it for it in superhero costume geschmissen itself has shows EKR´s recreating irony. Otherwise it became also fast between all the praise and the self praise the arrogant ass.

Exactly!

Your average energy gel (Gu, PowerGel, etc.) consists of very few important ingredients:

• Some carbohydrate mix (typically maltodextrinM/A> and fructose).
• Water
• Flavoring.
• Electrolytes
• Some science nutrient blend (antioxidants, aminos, etc.)
• Some stimulant (caffeine, ginseng, etc.)

It doesn't take a PhD in nutritions science to recognize that this isn't that different from candy. Jelly Belly has recognized this and has come out with Sport Beans--jelly beans allegedly designed for athletes. I've tried them and they're not bad. Based on the ingredient list it looks like they're pretty heavy on simple sugars. The research here isn't totally definitive but there is some data to suggest (and it's very widely believed) that maltodextrin is a better choice than sucrose or glucose.