Saturday, October 4, 2014

Why we need smartphone encryption

The Washington Post argues against smartphone whole drive encryption:
LAW ENFORCEMENT officials deserve to be heard in their recent warnings about the impact of next-generation encryption technology on smartphones, such as Apple’s new iPhone. This is an important moment in which technology, privacy and the rule of law are colliding.

Apple announced Sept. 17 that its latest mobile operating system, iOS 8, includes encryption so thorough that the company will not be able to unlock it for law enforcement. The encryption is to be set by the user, and Apple will not retain the key. Google’s next version of its popular Android operating system also will be unlockable by the company. Both insist they are giving consumers ironclad privacy protection. The moves are in large part a response to public worries about National Security Agency surveillance of Internet and telephone metadata revealed by former government contractor Edward Snowden.

What has the law enforcement community up in arms is the prospect of losing access to the data on these smartphones in cases where they have a valid, court-approved search warrant. The technology firms, while pledging to honor search warrants in other situations, say they simply won’t possess the ability to unlock the smartphones. Only the owner of the phone, who set up the encryption, will be able to do that. . . .

How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant.

The non-technical journalists at the Washington Post demonstrate their technical ignorance with this editorial. They argue against a "back door" and then immediately argue for a "secure golden key" which would be a back door. They just give the back door a different name.

Also, they argue that drive encryption protects against the NSA. It doesn't. The data encrypted on the drive is AT REST, but the NSA intercepts data IN TRANSIT.

They also make Apple's and Google's encryption sound more secure than it really is. The vast majority of passcodes can easily be cracked by a sophisticated attacker like the FBI.

In addition, they ignore the real risk of unencrypted phones getting into the hands of thieves and hackers. In 2006 Boeing lost a single laptop that contained unencrypted identifying information for 382,000 employees and former employees. The personal information of those 382,000 employees could have been protected if Boeing had simply used whole disk encryption on the laptop. Ever since then, Boeing has required whole disk encryption on all company computers. The same practice should be used for phones for the same reason. People keep important data on their phones, and encryption is the best way to protect it in the case of theft.

Let's also not forget that the FBI once argued against strong encryption for web browsers. Today that strong encryption is essential for secure online banking.

If you don't think the FBI can get access to anyone's encrypted smartphone in an emergency, let this xkcd comic explain it for you.

Sunday, January 26, 2014

What drives success?

From The New York Times:
It turns out that for all their diversity, the strikingly successful groups in America today share three traits that, together, propel success. The first is a superiority complex — a deep-seated belief in their exceptionality. The second appears to be the opposite — insecurity, a feeling that you or what you’ve done is not good enough. The third is impulse control.

Any individual, from any background, can have what we call this Triple Package of traits. But research shows that some groups are instilling them more frequently than others, and that they are enjoying greater success.

It’s odd to think of people feeling simultaneously superior and insecure. Yet it’s precisely this unstable combination that generates drive: a chip on the shoulder, a goading need to prove oneself. Add impulse control — the ability to resist temptation — and the result is people who systematically sacrifice present gratification in pursuit of future attainment.

Monday, October 14, 2013

Robert Shiller wins Nobel Prize in Economics

Yale Professor Robert Shiller has won the Sveriges Riksbank Prize in Economic Sciences in Memory of Alfred Nobel:
Three American professors — Eugene F. Fama, Lars Peter Hansen and Robert J. Shiller — were awarded the Nobel Memorial Prize in Economic Science on Monday for showing that asset prices move unpredictably in the short term but with greater predictability over longer periods. . . .

Mr. Fama, 74, was honored for showing that asset prices are “extremely hard to predict over short horizons.” . . .

Mr. Shiller, 67, would later introduce an important caveat to the idea that markets operate efficiently, finding that stock and bond prices show greater predictability over longer periods. Mr. Shiller and other economists see evidence that these movements cannot be entirely explained by rational decision-making, and instead reflect the irrational behavior of market participants.
Robert Shiller also co-developed the modern methods of tracking home prices used by this blog and my housing graphs website.

Wednesday, November 7, 2012

2012 presidential election predictions vs actual results

Electoral-Vote.com and the FiveThirtyEight blog both made highly accurate election predictions long before any votes were cast. They did it simply by looking at the results of state-by-state polls instead of national polls.

The graphic below shows the Electoral-Vote.com predictions a full month before any presidential debates occurred, compared with the state-by-state election results known as of early morning on the day after election day.

Thursday, August 23, 2012

Euro-envy, the welfare state, and economic growth


Many Democrats wish the U.S. was more like Western and Northern Europe. Good idea?
Asia is set to have the world's wealthiest residents, with city-state Singapore heading the rich list.

Hong Kong, Taiwan and South Korea will do well, too, according to by a new survey that predicts which countries will be home to the wealthiest citizens by 2050. ...

By 2050, the Wealth Report estimates the world's wealthy citizens will be dominated by Asia: Singapore ($137,710), Hong Kong ($116,639), Taiwan ($114,093) and South Korea ($107,752). The only western economy projected to remain in the top five is the U.S., with an estimated per capita income of $100,802. ...

Old World economies will have the worst growth performance in the next 40 years, the report predicts: Spain, France, Sweden, Belgium, Switzerland, Austria, the Netherlands, Italy and Germany are at the bottom of the list. But Japan and its aging population will have the weakest projected growth of all economies, Knight Frank estimates.
In general, the size of a country's welfare state and it's rate of economic growth are inversely proportional, because a cushy welfare state (and correspondingly high tax burden) reduces the incentive to work, invest, and start new businesses.

That said, government spending isn't always harmful. Government capital investment increases economic growth. Governments should favor spending on intellectual capital (education and scientific R&D) and physical capital (transportation and communications).

The late Milton Friedman has a little to say about #2 on the list, Hong Kong:

Tuesday, August 21, 2012

JavaScript cryptography considered harmful?

After coming across an article from Matasano Security titled, "JavaScript Cryptography Considered Harmful," I decided to submit a question to the Security Now podcast to get a second opinion on the security of JavaScript cryptography. Here is Steve Gibson's take on the question of secure JavaScript cryptography in episode 365 of his podcast:


Matasano Security seems to be assuming a different use case than I'm interested in. They assume one wants to use JavaScript cryptography as a substitute for SSL/TLS, while I'm more concerned with secure storage of data in the cloud.

Friday, August 17, 2012

Why the prolonged economic slump? Housing.

Economist Dean Baker writes about a recent research paper from the Federal Reserve Bank of Cleveland:
The study goes on to note the extraordinary weakness in housing in this recovery and point out that this weakness could explain much of the weakness of the recovery.

While the study notes that there are questions of causation (a weak recovery could lead to weakness in housing), there can be little doubt that if residential construction had returned to its pre-recession level, as had been the case by this point in all prior post-war recoveries, the economy would be back near full employment.

Of course it is not hard to understand why housing has not recovered. The massive over-building of housing during the bubble years lead to an enormous over-supply of housing, which shows up in the data as a record vacancy rate in the years 2006-10. In the last couple of years the vacancy rate has begun to decline which can explain the recent uptick in housing over the last few quarters.

This housing story explains why we should have expected a long and drawn out recovery. There is no easy way to replace the massive loss in demand associated with the collapse of the housing sector. And, it is hard to blame the collapse on President Obama, since the overbuilding took place in the years 2000-2006 and the collapse was already well underway at the point where he took office. ...

Ultimately we will need an increase in foreign demand, meaning a lower trade deficit, to fill the gap. This will require a lower valued dollar which will make U.S. goods more competitive internationally. Unfortunately, neither candidate seems willing to make the case for a lower valued dollar, which means that we can probably expect a weak economy for many years into the future, regardless of who gets elected.

Thursday, May 31, 2012

A map of the free and non-free countries of the world

Here is the 2012 world map from Freedom House showing the free, partly free, and non-free countries of the world. The first thing that strikes me is how freedom or lack thereof is largely contiguous. Europe and the Americas tend to be free; Asia and Africa tend not to be free. Also, in general, free countries tend to be wealthier than non-free countries. (India is a notable exception!)

The evidence suggests that these are not coincidences. First, as Fareed Zakaria points out in The Future of Freedom, when a country becomes a democracy its per-capita GDP largely determines whether it will remain a democracy or revert back to dictatorship.

Second, historically, ideas about both political freedom (John Locke) and free-market capitalism (Adam Smith) came from Great Britain. The map below is largely a map of the influence of Great Britain and later the United States. The ideas about freedom, democracy, and capitalism spread from Great Britain to Western Europe and British colonies around the world. You can see below that the former British colonies of the United States, Canada, Australia, New Zealand, India, Botswana, and South Africa are all green, indicating that they are free countries. The United States in turn has influenced the Americas (the Monroe Doctrine and the Cold War), Western Europe (the Cold War), Japan (we effectively wrote their constitution after World War II), South Korea (the Cold War), and Taiwan (the Cold War). At the southern tip of Africa, South Africa and Botswana were both British colonies, and Namibia was previously controlled by South Africa. All three are green, indicating freedom.


I also find it interesting to see how the number of free countries has changed during my lifetime.

1972: Free - 29%, Partly Free - 25%, Not Free - 46%
2012: Free - 45%, Partly Free - 31%, Not Free - 24%

Tuesday, May 29, 2012

S&P/Case-Shiller national home price index falls again

In the first quarter of 2012, the S&P/Case-Shiller national home price index fell 1.9% year-over-year:
Data through March 2012, released today by S&P Indices for its S&P/Case-Shiller Home Price Indices, the leading measure of U.S. home prices, showed that all three headline composites ended the first quarter of 2012 at new post-crisis lows. The national composite fell by 2.0% in the first quarter of 2012 and was down 1.9% versus the first quarter of 2011. The 10- and 20-City Composites posted respective annual returns of -2.8% and -2.6% in March 2012. Month-over-month, their changes were minimal; average home prices in the 10-City Composite fell by 0.1% compared to February and the 20-City remained basically unchanged in March over February. However, with these latest data, all three composites still posted their lowest levels since the housing crisis began in mid-2006. ...

The S&P/Case-Shiller U.S. National Home Price Index, which covers all nine U.S. census divisions, posted a 1.9% decline in the first quarter of 2012 over the first quarter of 2011.
Unfortunately, crappy journalists at several different news organizations keep emphasizing the 20-city numbers instead of the national numbers. Why? Why would anyone think that an index that measures a random selection of 20 cities deserves more emphasis than an index that covers the overall country? (Note: The S&P/Case-Shiller national home price index really only measures 70% of the country, but that's still way more than just 20 cities.)

Friday, May 25, 2012

China criticizes U.S. human rights

Personally, I think constructive criticism of America's human rights record should be welcomed. In the case of the Human Rights Record of the United States in 2011, China backs up their criticisms with plenty of references. Here's a sampling from Section 2, "On Civil and Political Rights":
The U.S. imposes fairly strict restriction on the Internet, and its approach "remains full of problems and contradictions." (The website of the Foreign Policy magazine, February 17, 2011) ...

The U.S. Patriot Act and Homeland Security Act both have clauses about monitoring the Internet, giving the government or law enforcement organizations power to monitor and block any Internet content "harmful to national security." Protecting Cyberspace as a National Asset Act of 2010 stipulates that the federal government has "absolute power" to shut down the Internet under a declared national emergency. According to a report by British newspaper the Guardian dated March 17, 2011, the U.S. military is developing software that will let it secretly manipulate social media sites by using fake online personas, and will allow the U.S. military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives. The project aims to control and restrict free speech on the Internet (The Guardian, March 17, 2011). According to a commentary by the Voice of Russia on February 2, 2012, a subsidiary under the U.S. government' s security agency employed several hundred analysts, who were tasked with monitoring private archives of foreign Internet users in a secret way, and were able to censor as many as five million microblogging posts. The U.S. Department of Homeland Security routinely searched key words like "illegal immigrants," "virus," "death," and "burst out" on Twitter with fake accounts and then secretly traced the Internet users who forwarded related content. According to a report by the Globe and Mail on January 30, 2012, Leigh Van Bryan, a British, prior to his flight to the U.S., wrote in a Twitter post, "Free this week, for quick gossip/prep before I go and destroy America?" As a result, Bryan along with a friend were handcuffed and put in lockdown with suspected drug smugglers for 12 hours by armed guards after landing in Los Angeles International Airport, just like "terrorists" . Among many angered by the incident in Britain, an Internet user posted a comment, "What' s worse, being arrested for an innocent tweet, or the fact that the American Secret Service monitors every electronic message in the world?" (The Daily Mail, January 31, 2012) ...
Note that although the report misses this nuance, Leigh Van Bryan, a tourist, used the word "destroy" as British slang for "party", but U.S. officials interpreted the word literally. He was jailed and deported because of this literal interpretation. The creepy thing about this incident is that it suggests the N.S.A. is reading everyone's tweets.
The U.S. continued to violate the freedom of its citizens in the name of boosting security levels (The Washington Post, January 14, 2012). The Electronic Frontier Foundation in 2011 released a report, "Patterns of Misconduct: FBI intelligence violations from 2001-2008," which reveals that domestic political intelligence apparatus spearheaded by the Federal Bureau of Investigation, continues to systematically violate the rights of American citizens and legal residents. The report shows that the actual number of violations that may have occurred from 2001 to 2008 could approach 40,000 possible violations of law, Executive Order, or other regulations governing intelligence investigations. The FBI issued some 200,000 requests and that almost 60 percent were for investigations of U.S. citizens and legal residents (www.pacificfreepress.com). The New York Times reported on October 20, 2011, that the FBI has collected information about religious, ethnic and national-origin characteristics of American communities (The New York Times, October 20, 2011). According to a Washington Post commentary dated January 14, 2012, the U.S. government can use "national security letters" to demand, without probable cause, that organizations turn over information on citizens' finances, communications and associations, and order searches of everything from business documents to library records. The U.S. government can use GPS devices to monitor every move of targeted citizens without securing any court order or review (The Washington Post, January 14, 2012). ...

The U.S. lacks basic due lawsuit process protections, and its government continues to claim the right to strip citizens of legal protections based on its sole discretion (The Washington Post, January 14, 2012). The National Defense Authorization Act, signed December 31, 2011, allows for the indefinite detention of citizens (The Washington Post, January 14, 2012). The Act will place domestic terror investigations and interrogations into the hands of the military and which would open the door for trial-free, indefinite detention of anyone, including American citizens, so long as the government calls them terrorists (www.forbes.com, December 5, 2011).