Wednesday, August 29, 2007

Compliance for Road and Track

My Alfa, a 72 GTV coupe, like all GTVs of its approximate vintage, has a recessed panel in the headliner over the back seats. It has proven to be a mystery to passengers in the car, looking like the cruelest joke of a sun roof for the rear passengers who are otherwise treated poorly by the car's design. So cruel, in fact, that a sticker was placed on the rear windows by Alfa. When viewed from the outside, it read:


This side of the sticker explains in part the pseudo-sun roof. The GTV raced in the sedan class. To comply with sedan class regulation, there had to be a specific number of inches of headroom for the two passengers in the back seat. Hence the "cheat" of recessing a spot in the headliner, because the seats were as low as they could go. So you can race, and sometimes beat, Minis, BMW 2002s and Datsun 510s.

From the inside, the other story of compliance was visible. From a knees-to-chin head-ducked position, the contorted rear seat passenger could read the obverse:


The other set of regulations the GTV had to comply with were written by the US Department of Transportation, that defined of sports cars and sedans. Being classified by the DOT as a two-seater would require less modification of Alfa's aging (yet still stylish) design - less in the way of bumper protection for the would be passengers. Actually taking the seats out and putting in a package shelf (a la 911) would make it race in an uncompetitive class. Hence the sticker forbidding rear seat passenger, which attempts to serve both masters. (I'm guessing the seat belts back there are for securing cases of Chianti and bundles of pastrami.)

The different approaches in compliance reflect the different levels of enforcement. Perhaps Alfa felt it could convince the DOT that, really, who would ever be so silly as to sit back there? This is a sporting coupe, not a sedan. However, Alfa knew that the sanctioning bodies for the racing series they participated in would be out there with tape measures and calipers before every single race for tech inspection. Alfa's compliance would be challenged by every other team on the track.

I don't believe it would be too far off the mark to say that an implementation of a control, especially a compliance control that may not have a palpable financial return, will be as effective as the perceived enforcement.

(Read the story of the 2.5 liter Trans-Am at 1971 Laguna Seca for more sad stories of compliance. The Datsun version, the Alfa version. "Oversize fuel lines" vs "expanding gas tanks." )

(sticker image courtesy Papajam at the AlfaBB)

Tuesday, August 21, 2007

Market Fresh

A curious discussion of terror risk, and a terror prediction futures market by some GMU economist types and at the Chronicle's Footnoted blog.

I don't know enough to about econ to assess the value of such a market, but I do wish that some one would set up a Privacy Breach Futures Market so we could make the security analystas put their magic quadrants where their mouths are. (Or vice versa: whichever would be more unpleasant.) Viz, the TJX OMG!!1! MILLIONS IN PWNAGE!! NO!!BILLIONS! analysis found on Computerworld. Maybe something more along the lines of buying squares in a football pool would offer as much predictive value as the collective voices of these cats.

Photo courtesy The Prodigal Son.

And yes, this is the second consecutive post with a Broken Social Scene related title. Because Broken Social Scene are one of my top five most favorite things that are Canadian.

Monday, August 20, 2007

I Feel That It's Almost Crime

Imagine Monster put a click-through license on the malware, adjusted the privacy policy a tad (include an opt-out for additional "services"), and voila! It's not a privacy breach, it's an additional revenue stream! The 1.6M bits of Monster job hunter data is at least as hot as the Glengarry leads.

Imagine that Certegy/Fidelity records were not sent in wild cascading romp through the land of data brokery by the actions of a rogue database administrator, but through a perfectly legal contract. (As Mr. Certegy assures us, the data was sold to legitimate data brokers.) So the whole thing is a just a crossed "T" or dotted "I" away from being 110% on the up and up. Instead of class action, we'd be talking steak knives and Eldorados!

It's just semantics. "Data broker" = "Identity Thief." "Lead Generation" with "Privacy Breach."
It's all the same. But the Yukon keeps me up all night, and it feels like it's almost crime.

Wednesday, August 15, 2007

Everyday Privacy and Security: Buying Age Restricted Products

So, I go into an Exxon, looking to buy a pack of butts. (An evil, nasty habit I am trying to quit, but the demon weed still has its claws in me.) I ask for a pack of what they had that was closest to my brand, and it was slapped on the counter. Then the clerk asked for my ID.

O.k. Tobacco, along with pornography, beer, and sometimes phen-phen, is an age restricted product available at some convenience stores/gas stations. Despite my advanced grizzledness and paunchitude, and my sincere doubt that the woman behind the counter was trying to flatter me by insinuating I could be mistaken for a teenager, I complied.

And I was ready. I had recently traveled by air to San Francisco, renewed my license, but still had the printed paper companion from the DPS to accompany my laminated driver's license with an older, but still somewhat grizzled image of my mug on it.

No dice. My license was expired, therefore I was probably under 18. The fact I had renewed my license was no good. "Policy," the woman said. "But....But..." I objected. "Policy."

In my nicotine deprived state, muttered my way back to my car, curses ranging from Kip Hawley to Captain Hazelwood. And of course, the X-Ray Spex wormed into my brain:


Thursday, August 2, 2007

Impacted Molars: Pay Hell Gettin' It Done Edition

Random Eye-tooth:
I've been reading the Counterinsurgency Manual, and I'm figuring there is some analogue to a corporate approach to minimize the "insider threat."

Mr. Loblaw describes a grisly example of privacy abuse in a recent decision du jour, selecting the choicest text of a 6th Circuit decision so I don't have to. But I will.

As the plaintiffs’ complaint explains, prisoners have threatened and taunted the officers, often incorporating the plaintiffs’ social security numbers (which they have committed to memory) into the taunts. Some prisoners wrote the social security numbers of some of the plaintiffs on slips of paper that they threw out of their cells.
Now that's what I call abuse of NPI, a sort of SSN gassing. But do the plaintiffs get relief? No.

[T]he guards’ social securities numbers are not sensitive enough and the threat of retaliation from prisoners was not substantial enough to warrant constitutional protection.
Ride the NPI Country:
Courtesy the continual compendium of outrages privacy related, i.e, Pogo, come this story hashes ID crime stats. The conclusion it appears to draw is that Big Sky Country is a den of ID thieves. All the big increases in identity crime occur in North Dakota and Montana, with the notable exception of Springfield, IL, which can be attributed to Groundskeeper Willie and Apu. Considering that there are more people in my MSA than all of Montana or North Dakota, I wish I could get a thorough look at the stats. Not so bad that I'm going to request data from a "marketing@" e-mail address, which ID Analytics requires.

Computer Security for Trainables:
From the Chronicle tech blog, the winners of Educause's security awareness video contest. I dunno. These videos will not be a part of my infosec counterinsurgency program. No beat, can't dance to 'em.

"Sweet fancy moses": the whole shocking story. Discuss.

Wednesday, August 1, 2007

Describing Difficult Procedures

Lately, I've been working on my 1972 Alfa Romeo GTV. What I've learned about project management seems to evaporate into red mist in my garage. Currently, as part of changing my fuel system from the wonderful yet arcane SPICA mechanical fuel injection to the elegant and infinitely adjustable Weber carburetor, I am pulling the head off the twin overhead cam beast.

The head pulling process is described in the Alfa Romeo Giulia Owners Workshop Manual thusly:

"Remove the head nuts and the two screws fixing the front cover to the head, then lift off the head."

As it represents the official, legally vetted process described by the vendor, the above advice can be called "the standard."

Pat Braden's definitive "Alfa Romeo's Owner's Bible" describes the procedure thusly:

"The head bolts should be loosened incrementally following a spiral from the center out. Work slowly around the engine double-checking that everything is removed before trying to lift the head free. Typically, the head won't come free."

This passage is followed by several paragraphs of recommended procedures for freeing the stuck head, including "factory tool" and "rope trick." Having been codified in book, written by an expert, these are clearly "best practices."

On the Alfa Bulletin Board, a search on "head removal" will generate a multiple page jeremiad of head pulling frustration and anxiety. Tools as diverse as crow bars, bottle jacks, concrete rust remover and improvised pullers are deployed to extract head from block. Results vary. I'll call this "how things happen in real life."