RFID

Through various channels, I have followed the development and deployment of Radio Frequency Identification (RFID) technology for a couple of years now and finally decided to write something about it. Let me start by stating that my position is one of passionate opposition to the use of this technology in specific applications.

RFID technology consists of tags (a chip, antenna and possibly a power source), and readers (handheld, mobile or stationary). Reading distance varies primarily due to whether or not the tag is powered, and the radio frequency used. Unpowered (passive) tags receive power from the radio signal of the reader. Their read ranges vary from 2 millimeters to several meters. Powered (semi-passive or active) tags currently have a maximum read range measuring tens of meters. When a tag comes into proximity of a reader, it transmits a unique identifier. The current EPCGlobal standard (1.6MB pdf) for RFID uses a 96-bit identifier, which is a large enough number to identify uniquely every consumer object in the world for the next 1,000 years.

That’s all most RFID tags do – transmit a number. What makes RFID technology so powerful are the databases that store information related to that number.

The PR line coming out of most corporations engaged in RFID projects enthusiastically extols heretofore unrealized efficiencies in the supply chain. The implication is that businesses will have a better, cheaper handle on their stuff as it moves from manufacturer to distributor to retail destination. This will result in the products you want being in stock, and cost savings that companies will no doubt pass on to consumers. Another frequently touted consumer advantage is automated checkouts – you won’t even need to take your purchases out of the cart.

The only cost to the consumer is the total elimination of privacy, and a ready-made infrastructure for a global surveillance society.

I am not exaggerating.

Privacy

Once tags become cheap enough (the target is 5 or fewer cents per tag) the goal of corporations is to tag merchandise at the item level. Every needle, no. Every package of needles, yes. Today’s bar codes uniquely identify classes of products. A bar code can identify a box of Cheerios as such, but cannot distinguish one specific box of Cheerios from another. RFID can, because of the size of the number used. In addition, a bar code requires unobstructed line of sight. Radio waves can be read through shopping bags, shelves, walls and floors.

The greatest benefit that item-level RFID tags offers businesses is the pinpoint insight it gives into the lives of consumers.

Try this on for size:

Sandra Soccermom (38 years old, divorced, 2 children, income bracket 40K to 50K) entered SuperMegaMart #1418 (the SuperMegaMart location she frequents 95% of the time, 2.5 miles from her residence) at 5:42pm EST 1/4/2006. At 5:44pm she removed a 20-pack box of Tampax Super Absorbent tampons from the shelf for 11.2 seconds, replaced it and picked up 20-pack box of Tampax Super Plus Absorbent tampons and placed them in her cart. At 5:46pm she removed a pint of Haagen-Dazs mocha almond fudge ice cream and placed it in her cart. Prior transactions show a high correlation between Sandra Soccermom’s purchase of feminine sanitary products and ice cream. Recommend marking up ice cream in 5% increments when feminine sanitary products are detected in cart, until price tolerance threshold for this consumer is determined. At 5:49pm she checked out, paid cash and used her SuperMegaMart Savings Club Card. The Tampax box was identified during a streetside garbage scan on 1/10/2006, suggesting use by an additional member of the household.

– A Brief Glimpse into MrPikes’ Fevered Imagination

This scenario is 100% realistic when one combines RFID with demographic information readily available from companies like Acxiom, ChoicePoint and LexisNexis, who are in the business of aggregating data from a variety of sources, then reselling it to businesses and the United States Government.

The garbage scanning part of the scenario is where most people end up backing away from me with nervous smiles. Please to note, the Supremes ruled that individuals have no reasonable expectation to privacy when it comes to garbage they have placed out for collection, and that police can search it without a warrant (see California v. Greenwood). Data collected from searching trash is something that marketers already pay for. RFID just makes it easy to hire some schmuck with a car-mounted reader to drive slowly through neighborhoods on garbage day for $6.00 an hour.

In the United States, data collected about you does not belong to you, it belongs to the entity that collected it. It can be purchased by anyone to whom the collector chooses to sell it. That includes your employer, or potential employer.

Several companies have successfully banned their employees from smoking, on or off company property. The reason cited most is the cost of health insurance. Imagine if the company for whom you work banned not only smoking, but eating certain foods or drinking alcohol (all legal activities, incidentally), using the same argument. The data collection that RFID enables makes it that much easier to enforce such policies. As for the argument that an employee is free to work someplace else, that argument only works if there are companies out there that do not have such bans today, or decide to implement them tomorrow.

RFID’s appeal to marketers is huge, the increase to the corporate bottom line is significant, and the benefit to consumers is entirely negotiable.

Of course, if Renfields like RFID Journal are to be believed, RFID not only offers big benefits to the consumer, it’s also necessary to preserve National Security. The following comes from their FAQ:

Are there any consumer benefits to RFID? Or do all the benefits go to the companies that use it?

There are many consumer benefits. Greater efficiency in the supply chain will reduce costs and improve efficiencies. Companies will pass some of these savings on to consumers to try to gain market share from less efficient competitors. RFID could be used by retailers to expedite returns and by manufacturers to manage warrantee claims and improve after-sales support of items such as computers and DVD players. RFID could also reduce the counterfeiting of pharmaceutical drugs and insure the integrity of products purchased by consumers. And RFID could be used to secure the food supply and prevent terrorists from sneaking weapons of mass destruction into a country through shipping containers.

Is it just me, or does playing the terrorist card this early in the game just stink of desperation?

The only attempt made to pacify privacy concerns (besides the empty promises of corporate shills) is a component of the RFID standard itself. The current protocol calls for readers to be able to issue tags a “kill” command. Once a tag is told to “die” it will no longer respond to interrogation from subsequent readers. This technological solution to the privacy issue is problematic for several reasons. Even stipulating that a killed tag can never be brought back from the dead, killing a tag runs counter to interests of business. It is therefore reasonable to expect that businesses will offer incentives to consumers to leave tags alive, or make it highly inconvenient to do otherwise (like inextricably linking tags to returns and warranties). In addition, killing tags at the point of sale does not address the data collected prior to checkout. Last, once RFID is deployed globally, any government at any time could make it illegal to kill tags (more on this in the Surveillance section).

Just as you can tell a lot about a given consumer from hus garbage, you can tell a lot about a corporation by examining its patent applications. IBM’s “Identification and Tracking of Persons Using RFID-Tagged Items” (USPTO patent pending 20020165758) says a lot about the less-publicized intentions for RFID. BellSouth’s “Radio-Frequency Tags for Sorting Post-Consumption Items” (USPTO patent pending 20040133484) deals with, that’s right, scanning your trash.

Surveillance

Ubiquitous RFID will effectively eliminate anonymity once and for all.

The data trail that people leave behind as they go about their lives grows as technology becomes more pervasive. It is already possible to track an individual’s movements via hus credit cards, transit cards (such as New York’s MetroCard or RFID-based automatic toll collection devices), cell phone, access control card (swipe or proximity cards that open doors), and publicly placed cameras.

There is a long list of criminal investigations that have effectively used evidence from all of these sources. An interesting example can be found here. I take no issue with accessing personal data, with a warrant, to prove a suspect’s whereabouts at the time a crime was committed.

Imagine that you have RFID tags embedded in the soles of your shoes. I’ll even stipulate that they were put there by a business strictly for the supply chain benefits. However, you paid for the shoes with a credit card, or you used a valued customer card, or you subsequently walked into a store wearing those shoes, and then purchased something in a way that identifies you. There is now a record in a database connecting your identity with those shoes. Now imagine an RFID reader at every highway onramp/offramp, tollbooth, subway entrance/exit and connected to every stoplight camera.

The hard part of putting any new technology infrastructure in place is running power and communications. With the exception of onramps and offramps, the power and communications for this is already there.

Federal agencies, per the 1974 Privacy Act, cannot legally collect or share data on individuals who are not suspected of a crime, or connected to an investigation, except to provide services like Social Security. However, there is nothing in the current law stopping them from hoovering up personal data from aggregators like Acxiom, ChoicePoint and LexisNexis (as mentioned in the Privacy section) by the terabyte.

When RFID is implemented in passports, driver’s licenses and state-issued identity cards, the whole public sector/private sector data collection loophole will be moot anyway. Backing away from me with a nervous smile? Save it for the homeless guy waving the broken bottle and go here.

The availability of this kind of data will chill Freedom of Assembly. This is a good right to have when meeting with friends to organize things like overthrowing your government because they’re a bunch of assholes.

So? Show up to your government overthrow meeting without any ID. That works fine until carrying identification is legally mandated. Okay, break the law. Well, you had better scan everything you wear to the meeting with a tag reader, lest your necktie rat you out. Did you buy that necktie with cash? Assuming that RFID hasn’t already been put into cash by the time that you bought the necktie, the FBI or whoever can still identify the necktie as being present at a subversive (i.e., terrorist) meeting. So the FBI starts a file on the necktie or, more likely, beret. It shows up the next time you walk through the door of your local 7-11 at 3am on a burrito run. The only transaction logged 15 minutes before or after the initial scan is from your debit card.

We enjoy some fantastic freedoms in this great nation that we, perhaps, take for granted because we’ve never known it any other way. Imagine having to go through a federal checkpoint when crossing from one state to another. Now, imagine being denied passage.

Conclusion

The fundamental argument against RFID is this:

Data that does not exist cannot be abused. Data that exists will eventually be abused. Any other discussion is about scope, and RFID’s scope is terrifying.

I encourage you to write to your government representatives about the RFID Right To Know Act. It calls for all RFID-chipped goods to be identified as such, which is about all we can hope to get out of a government that has a vested interest in seeing RFID deployed.

Katherine Albrecht and Liz McIntyre have written a fantastic book on RFID called Spychips : How Major Corporations and Government Plan to Track Your Every Move with RFID. This important book has caught some flak for using allegedly sensational, alarmist language. In fact, such criticism kept me from reading it for several months. All I can say is that I found the subject matter plenty alarming and the writers’ style engaging and witty. Keep up-to-date on www.spychips.com. Katherine and Liz sure are.

Further Thoughts on the Wiretap Scandal

I’ve been reading and listening to individual reactions to the Wiretap Scandal (which was recently reported to go a lot deeper than the White House initially disclosed). I want to address a particularly dangerous argument that people are trotting out yet again to justify the actions of a government that spies on its own citizens.

If you have nothing to hide, you have nothing to fear.

This argument has been around for a long, long time and it implies that:

  1. Citizens have no inherent right to privacy
  2. Surveillance only affects the guilty

Addressing the first implication, the closest the United States Constitution comes to identifying a right to privacy is in Amendment IV of the Bill of Rights:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The key idea here is the government needs to have a compelling reason to look into your life and, in order to check abuse, two branches of government (Executive and Judicial) must be involved.

When discussing the Constitution, it is sometimes necessary to remind people of one incredibly important fact – the Constitution does not enumerate what citizens can do, it enumerates what the federal government can do. The Bill of Rights (the first 10 Amendments) specifically addresses some things that the federal government cannot do. What’s more, Amendment X states that any power not specified in the Constitution rests with the States or with the People.

Therefore, from the correct perspective, the question isn’t “Where in the Constitution does it state that citizens have a right to privacy?”, the question is “Where in the Constitution does it state that citizens do not?”

At the heart of our Constitution is the simple idea that people need protection from their own government. It’s an amazing, wonderfully subversive idea that is unfortunately not understood by most Americans. Digressing, I think it would be a very interesting experiment to reword and repackage our own Constitution as a Manifesto written by boogeyman Osama Bin Laden and then gauge public reaction to it.

To the second implication of the “if you have nothing to hide” argument, we all have something to hide. Embarrassing medical conditions, sexual proclivities, unpopular opinions, past lapses in judgement, financial information – all things we would prefer to disclose at our sole discretion. All things that a government with unchecked surveillance powers could disclose to discredit us or, by threat of disclosure, influence us.

The whole reason for checks and balances is because power corrupts. Why even debate the Patriot Act, why have a Foreign Intelligence Surveillance Court if the Executive branch can bypass laws and procedures at will? If the current president finds certain laws inconvenient, isn’t the solution to go through the process to change the laws, publicly and transparently? You know, like we were a representative democracy?

It is still in our best interests to be very, very careful about the laws we allow, especially when granting additional powers to the government. America’s legal history is littered with laws passed with specific intentions that are subsequently used to justify activities which the laws were never meant to address. The necessity for the careful wording of laws is not unlike the care one should take when making wishes to genies or monkey’s paws. As a recent Onion horoscope advised:

The wheelchair and the indignity will be bad enough, but the worst part is going to be explaining to your wife exactly what you said to the genie to make him take off your legs like that.

Supreme Court Justice Louis Brandeis (co-author of the seminal 1890 article The Right to Privacy) wrote in his famous Olmstead dissent (related to Elliott Ness and his Untouchables wiretapping bootleggers):

If the government becomes a lawbreaker, it breeds contempt for law; it invites every man to become a law unto himself; it invites anarchy.

The precedent we are about to set is incredibly important. If we say that this president is above the law, we are saying that all future presidents are, too. Pick your least favorite politician and then picture hume as president. Are you still okay with the president being above the law?

It’s Impeachment Time

With the sheer volume of reports spewing from mainstream news agencies, blogs (Schneier, The Ape Man) and bearded weirdos on street corners regarding the recent revelation that our President admits with pride and conviction that he authorized (some 30 times) the National Security Agency to spy on American citizens without warrant, you may well ask, “Et tu, MrPikes?”

Yep, and here’s why: There simply isn’t enough outrage. The last one was impeached by the United States Congress for lying about a blowjob. This one is responsible for the deaths of thousands of Americans, tens of thousands of Iraqis and Afghanistanis, mismanaging the federal response to a natural disaster, systematically laying the foundation for a police state (USA PATRIOT Act, Real ID, secret prisons, Gitmo, torture), spending the country into massive debt, further eroding the wall between Church and State, committing egregious acts of the worst kinds of cronyism (here, here, and here), and now openly admits to committing repeated criminal violations of Section 1809 of the 1978 Foreign Intelligence Surveillance Act.

Section 1809 reads as follows:

(a) Prohibited activities
A person is guilty of an offense if he intentionally—
(1) engages in electronic surveillance under color of law except as authorized by statute; or
(2) discloses or uses information obtained under color of law by electronic surveillance, knowing or having reason to know that the information was obtained through electronic surveillance not authorized by statute.

(b) Defense
It is a defense to a prosecution under subsection (a) of this section that the defendant was a law enforcement or investigative officer engaged in the course of his official duties and the electronic surveillance was authorized by and conducted pursuant to a search warrant or court order of a court of competent jurisdiction.

(c) Penalties
An offense described in this section is punishable by a fine of not more than $10,000 or imprisonment for not more than five years, or both.

(d) Federal jurisdiction
There is Federal jurisdiction over an offense under this section if the person committing the offense was an officer or employee of the United States at the time the offense was committed.

FISA was specifically put in place in the wake of abuses committed by Lyndon Johnson, Richard Nixon and the FBI (COINTELPRO). The powers of the oversight body (the Foreign Intelligence Surveillance Court) are broadly defined and shadowy as hell, but the entity at least ensures some degree of independent oversight.

The argument put forth by Secretary of State Condoleeza Rice for President Bush circumventing the law is that the process was too cumbersome to keep up with today’s go-go terrorists. FISA specifically permits retroactive warrants to be obtained 72 hours after the fact, if an emergency exists. What FISA does not permit are expansive fishing expeditions without probable cause. Incidentally, FISC Judge James Robertson has resigned over this. When the judge of a secretive organization with broad powers resigns because the president has gone too far, it’s time to start paying attention.

President Bush broke the law. Further, he states that he has no intention of stopping. It’s okay though, because he’s the President.

He’s the most serious kind of asshole and he needs to go. Nothing I write here can possibly express how much damage this man has done to this once-great nation’s world stature, or how far his actions have gone to making the United States an even bigger target for terrorist attacks than before.

Enough already. Fire this man. We sort-of elected him *twice*, and we can go a long way to showing the rest of the world that we’ve come to our senses if we take positive action to remove this menace rather than allowing his term simply to peter out. Okay, so we get President Cheney (or what’s left of him) for the next three years. All I can say is that he will be placed so firmly in the category of ‘damaged goods’ as to weaken the Executive branch’s influence to the point of non-existence.

For those who are fearful that such an action will make us more vulnerable because we will be perceived as weak, don’t forget, approximately half of those who participated in the 2000 and 2004 elections voted for this disaster. Demonstrating to the entire world that we will no longer be complicit to this would-be dictator’s destruction of our proud national identity is hardly a weaker position than passively continuing to endorse him.

Snowclones

My pal Gokmop (who is way more prolific than me) has published an article on Wikipedia about snowclones. “Snowclone” is an Internet meme that can be simply defined as inserting a new word or phrase into an old idiom. For example, substituting the word “laptop” for “dime” in the expression “Brother, can you spare a dime?”, resulting in “Brother, can you spare a laptop?”

“Snowclone” is most often used in a derogatory context, pointing out the laziness of some writers and journalists. The example above probably even made you think of the headline to some pablum that passes for the Fourth Estate these days.

Gokmop’s material always makes for good reading, so check out his article and, if you’re game, contribute to the ever-growing List of Snowclones.

Last, if you’re not already among the converted, do yourself a favor and get to know Wikipedia.

DRM and Sony

As a nerd, I sometimes forget that topics that are familiar and important in my world do not always carry the same level of interest (or outrage) among non-nerds. This is sometimes awkward, since I have friends and colleagues on each end of the playground.

For those who are not already aware, DRM is an acronym for Digital Rights Management – the entertainment industry’s latest term for copy-protection. DRM does for digital content (music, movies, games) what syphilis does for dating.

Anyone already familiar with the history of DRM as it relates to copyright (and can easily name each Star Wars film in which Boba Fett appears), can skip over the “DRM” section and proceed straight to the spectacular boner that Sony pulled, under the “Sony” section.

DRM

The whole DRM issue revolves around the right to “fair use” of digital content on one side, and the protection of copyright on the other. In Universal City Studios v. Sony Corporation of America (the “Betamax” case), The Supremes ruled that the recording of broadcast television for the purpose of time-shifting was not copyright infringement but, instead, fair use. This interpretation has since been expanded to include activities like making personal backups of purchased content. This decision plus the doctrine of first sale (which says that one can sell or give away a copyrighted work that was legally purchased) give consumers some rights when it comes to digital content.

However, two important developments occurred that, in combination, have record label and movie studio executives freaking up one side of the board room and down the other:

  1. Media formats that can be copied without degradation
  2. The emergence of file sharing networks such as Napster, Grokster, Gnutella, LimeWire and BitTorrent

We are no longer talking about Jim recording The Eagles Greatest Hits from vinyl to cassette and then giving it to Dave. Now anyone with a computer and some time can obtain high quality copies of music and video for free.

The Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) have responded in two important ways to this situation – legislation and DRM.

Legislation: In 1998, they purchased a law from Congress called the Digital Millenium Copyright Act (DMCA), that criminalizes attempts to circumvent copy-protection, but is so broadly worded that I am technically breaking the law by trying to guess one of my own passwords. With the DMCA in place, the RIAA and MPAA are trying out a novel business model – suing their customers.

DRM: Through proprietary hardware and software, various companies in the business of selling copyrighted content are attempting to place restrictions on how the content can be used, e.g., limiting the number of times a purchaser can play the content or make a copy, interfering with an individual’s ability to move content from one device to another, etc. The stated reason for these restrictions is to combat piracy. In reality, DRM does nothing to prevent piracy, due to:

  1. Shoddy implementation
  2. The nature of digital media (as Bruce Schneier puts it, “Bits are inherently copyable, easily and repeatedly.”)

All it takes is for one clever individual to strip the DRM from a given digital file and make it available online. That file can then be downloaded by as many individuals as care to do so. The **AAs are attempting to impose physical rules on a digital realm, with predictable results. Whenever the latest scheme doesn’t work, they fall back to litigation.

The only way to make DRM effective would require such sweeping, draconian, backward changes to the entire digital media distribution/consumption model as to make one ask the question, “What problem are we trying to solve again, and why?” So, of course, that’s the legislation the **AAs tried to purchase next. The Consumer Broadband and Digital Television Promotion Act (CBDTPA), was draft legislation that would criminalize any technology that didn’t have DRM implemented that was capable of reading digital content. This means DRM built into the hardware of every television, PC, DVD/CD player, satellite radio receiver, game console, etc. The legislation is dead, for now, but special interests have very deep pockets and longevity on their side.

DRM is a barrier to what digital consumers want – interoperability. People want to use the content that they paid for however they want, and the doctrine of first sale says that this is okay. Unfortunately, if that content includes DRM, exercising your rights makes you a criminal, on account of the DMCA. It’s true, some people don’t care that their purchased content has DRM, because it hasn’t gotten in their way. Yet. When it does – they have a hard drive crash and lose every song they bought from a particular online provider because they cannot restore a unique key, or they decide on a different brand of portable player and cannot port their collection to it, or they hit the restricted number of copies on a given song – they will most likely change their tune.

As to piracy, some argue that DRM pushes more people to break the law. There are people who purchase a song online, then download the same song via a file sharing application so they can have a DRM-free copy in the format of their choice. In many ways, the RIAA created this situation and now they’re trying to sue the genie back in the bottle. The technology to sell online music was available for years before iTunes opened its doors. Why? Because the RIAA resisted, and continues to resist, the new distribution model. Motivated purely by greed and control, the RIAA wants to keep things the way they’ve always been. Smart organizations adapt to and capitalize on changing markets. Not the RIAA, though. If the RIAA had been in the buggy whip business circa 1900, their profits would still be thriving because they would have successfully lobbied to get a kickback on every gallon of gas sold, the way they do today with blank, recordable media.

Piracy is a legitimate problem, but it’s mostly a physical one, i.e., the illegal distribution of CDs and DVDs in overseas markets. The figures that the RIAA quotes for losses due to online piracy are grossly inflated. For one thing, they reason that every song downloaded via a free file-sharing application would have otherwise been purchased. And not just the song, the whole CD. In addition, their figures conveniently fail to factor in their own reduction in new releases over the same period, or the state of the economy. Online music piracy is simply not the boogeyman that the RIAA dresses it up to be; it’s a specter that they use to their advantage. The RIAA record labels are not about to go out of business because of piracy.

Sony

Sony (remember Sony from the Betamax ruling?), is now a major player in music and movies. In recent news, they placed DRM software on at least 19 CD releases, with disastrous results. When a consumer attempts to play one of these CDs on hus computer, hu is greeted with an End User License Agreement (EULA) which, among the incomprehensible snarl of legalese common to all EULAs, includes language which states:

“…this CD will automatically install a small proprietary software program (the ‘SOFTWARE’) onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted.”

What the EULA doesn’t state is that the SOFTWARE is a rootkit (malicious software which cloaks its presence) which will bugger up your machine if you attempt to remove it without Sony’s help, and provides writers of trojan horses and viruses with a ready-made mechanism for cloaking themselves. In Sony’s eyes, these must be acceptable tradeoffs to prevent you from making more than three copies of the Neil Diamond CD you just bought.

Sony is already facing six, count ’em, six separate lawsuits in the fallout of this invasive, ill-conceived DRM tactic. They’re in full damage control mode, but remain strangely unapologetic. They insist that the software poses no threat, despite three “in the wild” trojans having already been identified as exploiting the security hole created by their software.

There is a movement on Slashdot to popularize the phrase “Infected with DRM” to characterize more accurately what companies like Sony are doing, as opposed to what EULA language like “facilitate your use of the DIGITAL CONTENT,” does to illuminate the issue.

In a way, I am grateful for what Sony has done. By making a move so clearly lacking in foresight and which so clearly places its own interests ahead of its customers, Sony has created a furor which might well reach people who hadn’t previously given one thought to DRM or how it affects them. I think I’ll get Sony something nice this Christmas. I know! Foot bullets. I hear they’re running low.

Kashmir Earthquake Relief

My friend Grady is doing something really important. Kashmir is in a world of hurt right now after sustaining a 7.6 magnitude earthquake on October 8th. 73,000 dead, 3 million homeless, and things are going to get worse before they get better. It’s already snowing in parts of Kashmir, and full winter is right around the corner.

International response to the disaster has been tepid at best. The U.N. is something like 80% short of its target monetary goal. Personal donations to relief organizations are low as well. After the Tsunami and Katrina, I think that a lot of people are simply exhausted, charitably and emotionally.

Grady, who has a personal connection with the Kashmir region, has put up kashmircare.org in an attempt to mobilize as much support as possible for CARE, a wholly worthwhile organization who is well-equipped to give the sort of aid that is needed most. Please visit kashmircare.org, read about what’s going on, and consider helping.

Thank you.

Happy Hallowe’en!

I have very happy memories of Hallowe’en as a kid. There was the time my brother Ian dressed as George Washington, with a white wig composed of rolls of surgical cotton (it rained that night, with predictable results). Mom always used to bake these jack-o-lantern decorated ground beef, velveeta cheese, english muffin thingos. Mom was also very handy with a sewing machine, so I got to wear cool skeleton costumes and such. We lived in a big, hilly neighborhood with lots of kids, so you could score some serious loot trick-or-treating, if you had the endurance.

I was born in 1971 so, when the Tylenol poisonings occurred in 1982, my best trick-or-treating years were already behind me. According to Barbara Mikkelson over at snopes.com that was the year when, on a large scale, fear won out over common sense. Sure, stories had already been around for decades about apples with razor blades in them, and poisoned candy. One parent deliberately poisoned his child, then blamed it on candy acquired trick-or-treating. In another case, a kid died after eating his uncle’s heroin, and the family tried to cover it up by sprinkling some heroin on the child’s Hallowe’en candy. Each of these, while tragic, turned out not to be the work of a malicious stranger, but a family member. Hoaxes.

With the vast majority of the other 90 or so incidents reported in the last 50 year, it was determined that the children had tampered with their own candy, then presented it to their parents. Whether done as a prank or for attention, these incidents are also hoaxes. Over the same period, there have been a handful of actual cases where someone put pins or needles in Hallowe’en candy and then gave it away. The most significant injury sustained required a couple of stitches.

So, the chances of your kid coming to harm from candy that a random madman has tampered with is virtually non-existent. The probability of a child getting hit by some idiot in a Suburban on Hallowe’en night is far, far greater. Yet, tonight, thousands of parents will go to their area hospital or sheriff’s office and have their kids’ candy x-rayed. It’s natural for parents to be protective of their kids, but this is an example of people being lousy at understanding threat vs. risk, then responding appropriately. Bruce Schneier writes about this kind of assessment in Beyond Fear.

In our example, candy which has been tampered with is the threat. The impact of the threat if it occurs ranges from minor (needle) to deadly (poison). The risk (probability) of the threat occurring is very, very low. The response to the threat is to x-ray the candy. The cost of this response is $0 to the parent, but offers no security against the part of the threat with the greatest impact, i.e., an x-ray will reveal glass or metal but not poison.

The big downside is that we’re teaching kids to be lousy threat/risk assessers, too. I’m happy that I was a kid when I was. In addition to treating today’s children like criminals (zero-tolerance policies, metal detectors, locker searches), we’re teaching them to be afraid for no good reason.

Daylight Saving Time

What kind of crank would I be if I didn’t publish a rant about Daylight Saving Time (DST)? My (four) readers have come to hold me to certain standards.

Then again, two of them do nothing but this
all day.
 
Before I start spewing vitriolic, uncorroborated bile on the subject proper, let me enumerate the devices in my life that know what time it is:

Coffee maker
Microwave
Cable box(2)
VCR (2)
Stereo
Xbox
Car (2)
Computer (4)
Palm
Alarm clock (2)
FTP server offset (12)

For those readers smearing feces on the walls of their cells, that’s 29.

I would admit that a significant minority of these devices were smart enough to take care of themselves, and the inconvenience of updating the others was minor, but I’m on an incoherent tear here, so let’s instead allow the list’s implications to loom ominously for themselves.

Okay, now with the ranting:

DST is of benefit to no one other than those who, arguably, should be bred for food. Courtesy of my brother Eric, I paraphrase the following letter-to-the-editor quote on one interesting virtue of DST:

“…my plants sure appreciate the extra light.”

This shit just writes itself, doesn’t it?

The cost of DST outweighs its benefits. Department of Transportation studies show that DST reduces U.S. electricity usage by 1 percent each day that it is in effect. What the DOT studies don’t address is the loss of workplace productivity because of disrupted sleep schedules, changes to commuter schedules and worldwide differences in observance of the practice. Nor do the DOT studies mention the increased traffic fatalities (disrupted sleep schedules again, plus it’s darker during the morning commute), or the IT hours squandered coding for the changes, especially in embedded systems, every time the rules change.

Recall with me, what was the reason that you were taught as to why we observe DST? Farmers, right? Turns out that most farmers don’t give a flying handshake about DST because:

1) They get up with the sun regardless of what the clock says.

2) Their animals don’t observe it.

With all of these compelling data, it should come as no surprise that our Commander-In-Chief (a reader), recently signed into law a change extending Daylight Saving Time by approximately three weeks, effective in 2007.

I encourage all four of you to visit Standard Time and end my madness.