Potential math-test question for Greek children: If someone steals nine million computer files containing the personal data of Greek citizens, and the population of Greece is 11 million, what percentage of Greek citizens have had their personal data stolen?
The answer would be 82%, but it turns out to be a trick question.
First, nobody seems to know exactly how many Greeks there are. The UN claimed that in 2009 there were 11,161,000 of them. The Hellenic Statistical Authority, which ought to know, said last summer that it had counted 10,787,690 "residents," but only 9,903,268 of those were "registered." (That is in line with estimates that there are about a million immigrants living in Greece these days.) The CIA, which also ought to know, says there were 10,767,827 as of July 2012, but frankly it's been a little distracted lately, and not by Greeks, if you know what I mean. So let's go with the HSA figures.
Second, if the "resident" figure does include illegal immigrants, it seems unlikely that those people have any computer files to steal. They are typically "off the grid," after all, assuming that Greece has a "grid" of that kind. If the files were stolen from the government, which is the current theory, then it makes sense that we'd be talking about the "registered" population, so we should be working with a figure of 9.9 million, not 11 million.
Third, according to some reports, the files "appeared to include duplicate entries," so the actual number of affected Greeks may be lower than 9 million, but we don't know how much lower yet. For now we have to assume the number is 9 million, so your answer should have been that there is approximately a 91% chance that any particular Greek citizen's identity has been stolen. That number is high enough that it seems reasonable to say that somebody just stole an entire country's identity, and to use italics to do it.
I previously mentioned Greece in 2008 when I had just returned from there and was still suffering from PTSD induced by the utter recklessness of Greek drivers. I hope that's not why the population seems to be declining, but holy Zeus are they terrible drivers. And since on reflection neither identity theft nor bad driving skills seem especially on-topic, I will again remind you that it is illegal to take any relics out of Greece, including human skulls. You're welcome.
Daniel Casillo, the stranded jet skier who walked through the über-high-tech security system at JFK Airport without being detected, has pleaded guilty to misdemeanor trespassing charges but is also suing the Port Authority for alleged mistreatment. The Port Authority is denying Casillo's allegations, but what is undeniable is the sheer level of bullshit involved in charging this guy with a crime at all.
As you may recall, Casillo and some friends had been riding jet skis in Jamaica Bay one night in August when Casillo's jet ski broke down. See "$100 Million Security System Breached by Drunken Jet Skier," Lowering the Bar (Aug. 13, 2012) (they had also been drinking). He said the only landmark he could see was the brightly-lit control tower at JFK, so he swam toward that. (I recommend you watch the video from which the image below is taken, courtesy of ABC News, because it both provides useful background and contains a completely ridiculous animation of a guy swimming toward shore.)
Casillo said he hoped somebody would notice him when he got to the perimeter fence, but nobody did. He climbed the fence, still wearing his bright-yellow life jacket, and still undetected. He walked across two runways, past cameras and motion detectors, and still nobody noticed him until he walked right up to a cargo worker to ask for help. "The whole intention the whole time was to make myself seen," Casillo told ABC, but he was unsuccessful.
Having paid for, developed, and installed a $100-million anti-terrorist system that turned out to be unable to detect a civilian trying to be seen, officials responded in the natural way: they punished the innocent civilian who made them look bad. Casillo was charged with felony trespassing, even though he posed no threat at all, nobody questions his story (except for the alleged mistreatment), and his only alternative to climbing the fence would have been to walk for miles around the airport, still trying to be seen. He was allowed to plead to a misdemeanor, making him, as ABC put it, "the only one to pay for a startling breakdown in security."
This is not new, since there is already plenty of evidence that all this security spending makes us no more secure but does increase the risk that innocent citizens will be hassled for no reason, or busted for something like this. Not new, but still ridiculous.
Multiply this by about 1,000 to get an idea of the problem with our entire approach to security post-9/11.
Sorry—I meant 1,000 times the wasted money, although I imagine that 1,000 drunken jet skiers could wreak a lot of havoc before Homeland Security could do anything about it.
New York's JFK Airport is protected by a $100 million "state-of-the-art Perimeter Intrusion Detection System" employing cameras and motion sensors, but "protected" isn't really the right word because a 31-year-old guy strolled through it recently after his jet ski broke down offshore. Daniel Casillo swam to shore, climbed an eight-foot perimeter fence, crossed two runways and got into the terminal before anybody noticed him, and he was only detected (also not the right word) because he asked a Delta Airlines employee for help.
According to the New York Post, Casillo had been drinking with friends before deciding to go out on the bay, but got separated from them after darkness fell. When his jet ski broke down, he had to swim to shore. The report says that he swam a distance of three miles, but that's probably not right because (1) no human being can swim that far, or at least I can't; and (2) at three miles from the airport he would have been closer to shore by going a different direction (although maybe he needed to swim toward the lights). We know he ended up talking to a puzzled Delta employee near Gate 10, and the red arrow below is a distance of about a mile (assuming a fairly direct route).
JFK Terminal 3
More important than the distance, of course, is that this line cuts across a perimeter fence, through a $100 million Perimeter Intrusion Detection System, across two runways and apparently also through at least one unlocked terminal door.
To be fair to security personnel, this does seem to have happened at night, a time during which security can be relaxed because terrorists are known to be afraid of the dark. On the other hand, this was not a trained terrorist infiltrator in ninja gear, it was some drunk dude in a bright yellow life jacket who wasn't even trying to be sneaky. He just wanted some help, which makes it seem especially unfair that once he identified himself he was arrested for criminal trespass. What was he supposed to do, run around outside the fence for hours trying to get your crack security team to notice him?
Officials are, of course, calling for an investigation into how this happened, and the Port Authority has said it is "stepping up patrols." (I guess there were also patrols.) That's all fine, I guess, but the real lesson is this: no matter how much money you spend and how many layers of security you establish, a really determined attacker will either find a way through them or (at best) pick a softer target—and you can't secure everything. By all means we should do simple common-sense things to increase security, and some of them cost money, but spending vast amounts on fences and electronic stuff (let alone the TSA, which I'm sure is insisting this was "not its job") just makes no sense at all.
You might ask the French, who spent a few billion francs on the Maginot Line, only to have the Germans unfairly go around it; or us, who spent lots on the McNamara Line in Vietnam only to have the North Vietnamese unfairly go around it; or us, who have spent billions trying to fence off Mexico, only to ... well, you get the idea.
Maybe we will learn that lesson this time, or maybe there will be line items in the budget next year for minefields and anti-jet-ski-infiltration patrols. Only time will tell.
Mark Worsfold, 54, a former soldier and martial arts instructor, was arrested on 28 July for a breach of the peace shortly before the cyclists arrived in Redhouse Park, Leatherhead, where he had sat down on a wall to watch the race. Officers from Surrey police restrained and handcuffed him and took him to Reigate police station, saying his behaviour had "caused concern."
* * *
Worsfold … claims police questioned him about his demeanour and why he had not been seen to be visibly enjoying the event. Worsfold, who was diagnosed with Parkinson's in 2010, suffers from muscle rigidity that affects his face. He was released after two hours without charge or caution.
To be clear, he did not actually breach the peace or actually do anything to lead them to believe he might breach it. This was a preemptive detention based on what they thought he might do based on how he looked; police semi-explained that "[t]he man was positioned close to a small group of protesters and based on his manner, his state of dress and his proximity to the course, officers made an arrest to prevent a possible breach of the peace." When they realized their mistake—two hours later, after interrogating him at the station—they "fully explained [the circumstances] to the individual concerned," who "was given words of advice and released with no further action."
What "words of advice" did you give him, exactly? "See if you can't get that Parkinson's disease cleared up before the next Olympics"?
According to the report, police said they had received a letter from the man saying that he "appreciated and thanked both the arresting officers for their apologies and explanations" following his release, and if that's true then at least there was an apology. The report also says, however, that Worsfold "did not want to make further comment until he received a response from Surrey police," so maybe that's not clear yet. (The comment he did make, with just a little understatement, was "It could have been done better. I was arrested for not smiling. I have Parkinson's.")
As for the explanations, they suck. Granted, police have a difficult job and have to make snap decisions sometimes. No argument there. But how does a snap decision then result in an arrest and two-hour detention of someone who, presumably, said something like "I look like this because I have Parkinson's" if they gave him a chance to explain at all? And in this case, the decision took at least two officers away from the race they were supposed to be guarding, so security actually got worse.
In the U.S., this would violate the Fourth Amendment because, although the officers may have had enough articulable suspicion for a Terry stop, I don't see any facts suggesting they had cause to arrest him. Police did say that Worsfold had "a number of knives" in his possession, but they turned out to be rubber display knives. That's weird (though less so if he is still a martial arts instructor), but weird isn't probable cause. The Fourth Amendment doesn't apply in the U.K., as I hope most of you know, and sadly it is on life support over here.
The most relevant example being the NGIFRP—what? You haven't been following the deployment of the NGIFRP? The Next Generation Identification Facial Recognition Program? That's the government's plan to include in its giant biometrics database at least 12 million "searchable frontal photos" (hopefully, this means your face) and develop software to track and ID people in crowd or social-media photos. The vast majority of such people, of course, will not even be suspected of a crime. But hey, can't be too careful. Still, consider this: if human beings are so incredibly bad at identifying bad guys, let alone potential bad guys— and they are really, really bad at it—is it better or worse to hand that off to software? How well do you think that software will work?
Even if this kind of thing did work reasonably well, as Bruce Schneier and others (me too) have pointed out, the inevitable false positives—like, let's say, flagging somebody for "lack of visible enjoyment" who turns out to have Parkinson's—make these systems pretty much useless by "ensuring that any real terrorists identified are lost in a sea of falsely accused innocents."
As I mentioned earlier, somebody sued Apple earlier this month claiming that the electronic assistant "Siri" who lurks in each iPhone 4S does not work as advertised. Two weeks later - but only a day or two after the first lawsuit was reported - two other guys made basically the same claims in the same court:
Daniel Balassone; Benjamin Swartzman, individually and on behalf of all others similarly situated v. Apple Inc., No. 5:12cv1384 PSG (N.D. Cal. [San Jose] filed Mar. 20, 2012).
Class action for warranty and unfair competition. Defendant claims its iPhone 4S Siri feature, a voice-activated assistant, performs useful functions, such as making appointments and finding restaurants, and otherwise works as advertised. Siri does not perform as advertised, making the iPhone 4S merely a more expensive iPhone 4.
At least this is more than just a cut-and-paste job based on the first lawsuit. That does sometimes happen as people rush to jump on the bandwagon; I've seen complaints where the prior plaintiff's name still appears in the complaint, because the lawyers just changed the names in the caption and didn't bother to proofread the thing before filing it. (Oops!) This is not one of those cases, but the allegations are basically the same as in Fazio.
It's not impossible that this is entirely coincidental. Like Frank Fazio, Balassone and Swartzman may also have bought their phones based on Apple's alleged representations that Siri can do anything you ask her, "promptly realized" after the purchase that this is not in fact true, taken some time to investigate the matter and locate an attorney willing to assist them and all others similarly situated, and just happened to file about the same time that news broke of the first lawsuit. Could have happened.
Or their lawyers may have seen the news and recruited the first couple of yokels who came walking by their office. (In Silicon Valley, even the yokels have the latest iPhone.) Only time will tell.
I did read the complaint and asked Siri all the questions that Balassone and Swartzmen allege she screwed up for them, except for the questions involving their personal data, of course. She answered them all correctly for me, but maybe she just likes me better.
In a complaint filed on March 6 (available on Scribd via the WSJ's Law Blog), a New York man alleges that the virtual assistant Apple built into his iPhone 4S doesn't work as advertised. Frank Fazio is suing Apple in a California federal court over this, and not surprisingly hopes to represent a class of consumers who are, or who he imagines might be, unhappy with Siri too.
Fazio alleges that he bought an iPhone 4S in Brooklyn after having been "exposed to Apple's representations regarding the Siri feature. Plaintiff would not have paid the price he paid for the iPhone 4S, if he had not seen these representations." If it sounds odd that Fazio is claiming to have been "exposed" to misrepresentations, rather than saying he "relied" on them, then you may not be familiar with California's Unfair Competition Law. (Disclosure: I represent clients who have been sued under the UCL, although sadly for me and my firm, we do not represent Apple.)
Prior to 2004, there was no requirement that there be any connection at all between a UCL plaintiff and whatever evil he or she was claiming to attack. After some highly publicized bogus lawsuits, the law was amended to require a plaintiff to prove such a connection (i.e. actual reliance on a misrepresentation). But some California judges seem not to have noticed that, or at least they require so little of a plaintiff that it might as well never have happened. Not all by any means, but some. And so you still get complaints like this one, which allege almost no facts about the plaintiff.
Why did Fazio buy the 4S, exactly? Did he want to "make appointments," "find restaurants," or "learn the guitar chords to classic rock songs," as he says the commercials promise will be possible? Did he need Siri to show him "how to tie a tie"? Which of these were important to him personally, if any? He doesn't say. Nor does he say exactly how Siri failed him:
Promptly after the purchase of his iPhone 4S, Plaintiff realized that Siri was not performing as advertised. For instance, when Plaintiff asked Siri for directions to a certain place, or to locate a store, Siri either did not understand what Plaintiff was asking, or, after a very long wait time, responded with the wrong answer. ... Upon information and belief, Plaintiff's problems with Siri are not unique ....
What happened to "Stairway to Heaven," or whatever?
Evidently Fazio claims he was lulled by the commercials into thinking that Siri would be able to do anything he asked her to, without fail, which is nonsense. Siri has worked pretty well for me, and that's based on actual experience, not "information and belief." (That's legalese for "I'm alleging this but am also letting you know I haven't actually looked into it yet.") How many chances did Siri get before Fazio "promptly" gave up on her? Just those two?
On information and belief, he detected the alleged problem "promptly after the purchase" because his lawyer had already told him about it.
Not saying every UCL case is bogus, and I know nothing about this one other than what's in the complaint. I do think the idea that Fazio (or anybody else, for that matter) could properly represent a class of people all supposedly disappointed by Siri in the same way is bogus. But the way things are in California right now, that will likely depend on which judge gets the case, because the law is pretty arbitrary.
You do have to wonder if Siri will suddenly become especially good at finding things in the Northern District of California (San Jose Division), especially things that federal judges might need. Don't do it, Siri. It'll just look bad.
(I posted a version of this last week at Forbes.com. Just so you know.)
According to this report in the Beaver County Times, a 66-year-old Raccoon Township man has been charged with invasion of privacy and felony interception of communications for hiding a listening device under his wife's bed. (Yes, the fact that this happened in Raccoon Township, Beaver County, Pennsylvania, is probably enough to get it posted, but the rest is worth reading too.) Suzanne Cripe told police in February that she had found a transmitter of some kind under her bed, and suspected it had been placed there by her husband, Wayne Cripe.
More specifically, that'd be Wayne Comet Cripe of Raccoon Township, Beaver County, Pennsylvania.
A legal alternative?
Police investigated the matter, an investigation that was simplified by Mr. Cripe's statement, "I guess she found the transmitter," uttered as police approached and before they had asked him any questions. Obviously, Cripe admitted he had bugged his wife, apparently in more ways than one because they have been separated for some time. They still live in the same house, but don't share a bedroom. This awkward situation seems to have become significantly more awkward when Mrs. Cripe got herself a boyfriend.
As the report explains, Mr. Cripe cited this as a motivation for the eavesdropping, but not quite the one you'd expect:
Wayne Cripe told the police he put the transmitter under his wife's bed because he wanted to know whether she and her boyfriend were having sex. He told police he was tired of hearing them and wanted to know "if the coast was clear" before entering his home, the report said.
Hm. Maybe, although if you'd rather not hear something, planting a listening device near it is not the most obvious strategy. More often, such devices are used to record sounds (to which, in many states, everyone making the sounds must consent) and so it is at least possible that Mr. Cripes might have been doing a little evidence-gathering in advance of divorce proceedings. Which, frankly, seem long overdue.
Speaking of which (divorce, that is), this post is sponsored by these divorce solicitors, whom I thank.
Because if the leg is detachable, that defeats the purpose of attaching a monitor to it. Unless your goal is to keep track of the leg, in which case no problem, but normally that's not what you're after.
In August, The Guardian reported that two employees of a private security firm had been fired for failing to follow procedures when attaching a monitor to a man under a curfew imposed for drugs, driving and weapons charges. The firm, G4S, has a contract with the UK's Ministry of Justice to do such "tagging" and reportedly tags a remarkable 2,000 offenders every week. "Given the critical nature of this service," said a G4S spokeswoman, "we have very strict procedures in place which all of our staff must follow. In this individual's case two employees failed to adhere to the correct procedures when installing the tag. Had they done so, they would have identified his prosthetic leg." Because they did not, he was able to go out whenever he liked while his leg stayed under house arrest. (I'm guessing he had a spare, like this guy did, but it isn't clear.) He had fooled the employees by wrapping his leg in a bandage when they came by to set up the monitoring device.
By saying that the employees failed to follow procedure, G4S obviously is putting the blame on them, but I'd like to know exactly how its procedures deal with this. Is there in fact a step in the taggers' checklist that says something like, "Before attaching the tag to the offender's limb, ensure that said limb is in fact attached to the offender's body"? You'd like to think that you wouldn't need to spell that out, but apparently you do. (It has happened before, or at least I infer that from the ministry's statement that "incidents like this are very rare.") One report says that the employees "failed to carry out the proper tests," and if there are particular "tests" that go along with this part of the checklist ("Step 7a: yank on leg") I'm even more interested in finding out what those are.
The matter came to light when the man was arrested for driving without a license, without insurance, and possibly without a leg at a time that he was supposed to be under curfew. The reports claim that G4S managers had "become suspicious of the situation" prior to that time, but don't say why. I'm hoping their computers were telling them that the subject had been propped up in the closet for weeks on end, or something like that, but that is just one of several unanswered questions about this case.
In connection with a podcast on the subject of why end-user license agreements for software are so full of legalese, CNET asked Oscar-winning actor Richard Dreyfuss to do a dramatic reading of the iTunes EULA, which he did. They've posted four excerpts, each of which Dreyfuss reads in a different voice. Very good, especially the one in the "crazy German professor" voice.
I'd encourage Apple to have him do the whole thing and use it as their official version, but it would get old pretty fast if you had to listen to it every time the EULA changes. But at least people would pay attention once.
"As a writer, I get a lot of books. My husband usually [just] glances at them .... This one, he hasn't put down. I can't get it out of his hands. Every time I look over, he's reading and laughing.... [C]heck out this awesome book." —Allison Leotta, novelist and author of The Prime-Time Crime Review