While this is opt-in, I would be mad as hell if they did this to me automatically.

Each day, it seems, marketers go further in their quest to deliver messages so engaging and personalized that one cannot help feeling special. The latest step will be seen today in four cities when Mini USA begins delivering custom messages to Mini Cooper owners on digital signs the company calls “talking” billboards.

The boards, which usually carry typical advertising, are programmed to identify approaching Mini drivers through a coded signal from a radio chip embedded in their key fob. The messages are personal, based on questionnaires that owners filled out: “Mary, moving at the speed of justice,” if Mary is a lawyer, or “Mike, the special of the day is speed,” if Mike is a chef.

The experiment adds a new wrinkle to the wrangling among marketers and safety experts over whether drivers might be dangerously distracted by messages flashed on the growing number of digital billboards around the nation. Some communities have forced billboard owners to modify or turn off such signs, and the federal government has said it will soon publish a review of the research on the subject.

The enthusiastic guinea pigs for the Mini experiment will be more than a thousand Mini owners in New York, Miami, Chicago and San Francisco who have signed up for what the company calls “an ever-changing array of unique, personal, playful and unexpected messages.”

As a former Mini Cooper S owner, I will say that I loved the car, but the personalized marketing was a little bit creepy. They sent birthday cards, trip journals, and various other tchochkes a few times a year as part of their owner loyalty program. To me, it felt more like they were bragging to me about my presence in their database.

I knew the key fobs were chipped, because I saw a service rep stick my key in a reader and it dumped the full diagnostic set, including mileage, sensor data, and alert history from my car to their maintenance tracking system. I saw the value of this–the cost savings on diagnostics must have been huge for the dealer and it also made the customer experience at the service desk a lot easier, too.

The idea that the RFID can be read from a couple hundred feet away when stuffed inside a metal cylinder doesn’t exactly give me warm fuzzies, though.

Sure, it’s vendor-sponsored, but it’s still hilarious.

Discover Hackistan today.

I think I like the Global Incident Map even better than the last one I posted.

It’s based on the Google Maps API, which means that you can zoom in on regions you’re interested in, and just focuses on terrorism and other forms of man-made badness. It seems to have a Western-centric bias, but I’m guessing that’s because it’s probably only processing English language news feeds. As a result, minor stuff like mailing “suspicious white power” is reported in the U.S. or U.K., but you have to actually kill a bunch of people and release a videotape to get covered in Yemen. This could be problematic if people assume that Western press coverage of incidents around the globe is complete or even and make decisions accordingly.

This is cool, but it has two problems. First, risk can only be assessed as accurately as the input data allows. In this case, depending on the scope of interest, the data might be pretty bad. Sometimes we can model assumptions fairly accurately, but only if we know when assumptions are required. Ignoring risk, even accidentally, is still accepting it.

Also, systems which provide pretty blinkenlights are usually more entertaining than informative.

Only things which change rapidly and in realtime benefit from realtime reporting interfaces. Anything else with a realtime interface is either entertainment or some new Playskool Executive Activity Center. The next time some sales rep shows you a system “dashboard,” ask yourself what the benefit of knowing the up-to-the-second state of something is from a management perspective. It may be that the guys down in the trenches who are actually driving the systems need a dashboard, but for the executive, a good map and regular position reports are a lot more useful.

Updated: MC from GlobalIncidentMap dropped by and left some more detail about the site’s back-end in a comment:

The main site is limited in its realtime usefulness, mostly because the data is manually researched and added to the map, and since we have no staff that means significant gaps each day in the data.
However the same process and system can be realtime if someone wants it to.
Think of the same mapping system, tied to the CAD systems used by a 911 call center - the map can be made to work in realtime if it has a flow of realtime data. We are working on a custom version displaying Amber Alerts - it will check the newswires every 15 minutes automatically, and do its best to place an Icon on the map in a relevant location - not realtime but close, and it wont require an analyst to sit there and babysit.
The difference between a realtime system and a near realtime system is that the realtime version requires automation of the news gathering, which leaves out any decent decision making about which articles are appropriate and which are not.

Thanks for the info!

I’d forgotten about this until it showed up on Boing-Boing. It’s a realtime incident alert map.

Since we’ve been waxing iconic here of late, this should give everyone fresh food for thought.

This is cool. It’s Aon’s 2005 World Terrorism Risk Map. It’s also big. I’m trying to get a hardcopy (form here if you want to order your own). I hope they’ll still send me one when they realize I do Information Security.

Risk is not always about security. For example, Bruce Schneier’s latest blog post, “in praise of security theater.”

While visiting some friends and their new baby in the hospital last week, I noticed an interesting bit of security. To prevent infant abduction, all babies had RFID tags attached to their ankles by a bracelet. There are sensors on the doors to the maternity ward, and if a baby passes through, an alarm goes off.

Infant abduction is rare, but still a risk. In the last 22 years, about 233 such abductions have occurred in the United States. About 4 million babies are born each year, which means that a baby has a 1-in-375,000 chance of being abducted. Compare this with the infant mortality rate in the U.S. — one in 145 — and it becomes clear where the real risks are.

And the 1-in-375,000 chance is not today’s risk. Infant abduction rates have plummeted in recent years, mostly due to education programs at hospitals.

So why are hospitals bothering with RFID bracelets? I think they’re primarily to reassure the mothers. Many times during my friends’ stay at the hospital the doctors had to take the baby away for this or that test. Millions of years of evolution have forged a strong bond between new parents and new baby; the RFID bracelets are a low-cost way to ensure that the parents are more relaxed when their baby was out of their sight.

While these are all true statements and I completely agree, that’s not what I was told the RFID tags are primarily for.

When my daughter was born, I observed the same seeming security theater and asked the nurse what the point of it all was. After all, I observed, it would take me about 2 seconds to snip the tag off a baby and stuff that little bundle (and newborn babies are tiny) inside a coat, bag (half the people in a maternity ward are carrying some sort of gift, usually in a brightly-colored “gift bag”) and walk out of there.

They agreed that it would do very little to prevent a malicious attacker. If a baby was brought within range of the door’s sensor, the doors of the maternity ward were wired to mag-lock shut and an alarm would sound. Given the ease of removing the tag, however, that would do little to stop a malicious attacker.

The primary reason for the tags is to prevent accidental baby swaps. That the tags come in pairs with one assigned to the mother (non-RFID) and one to the baby (RFID). This has nothing to do with the RFID, but I was asked to verify the tags were a match at the moment of birth, then witnessed as the tag matching my wife’s was placed on our daughter.

Presto! Instant establishment of a verified chain of identity. Each time the baby was brought in, we were required to re-authenticate that she was, in fact, our child since during those first one to three days, babies tend to look pretty much alike other than race and, when naked anyway, gender. This is especially true if you’re a first-time parent and lack the recognition skills to tell one baby from another.

This chain-of-identity may have a reassuring effect on the parents, but the RFID function is not a component of it unless hospitals have begun incorporating automated checks into the chain-of-identity process.

Even trivial accidental baby swaps are a legal and Public Relations risk for hospitals. The cost of defending even a single lawsuit probably exceeds the annual cost of the RFID program by several multiples.

The RFID served two main purposes. The first was to ensure that no one accidentally carried a a baby where they weren’t supposed to be. Despite the big doors and signs to the effect of “No Babies Beyond this Point,” people are usually in some state of shock or excitement when a baby is born and manage to miss those signs. The RFID keeps those people from accidentally taking the baby outside the controlled space.

The second was to prevent those who selfishly think, “It’s my baby and I’ll take it where I want to,” or they want to show it to a larger group of family members and/or friends than are allowed to visit the mother in the hospital (It was no more than two or thee at once in my case). Their intentions are genuine, but once again, the RFID will activate the mag-lock and enforce the restriction on where the baby can be taken.

For the two most common malicious scenarios, the grab-and-run and the imposter, it might deter the grab-and-run attacker, assuming they don’t tear or cut the tag between the time they pick up the baby and the time they hit the door. For the imposter, this person dresses (usually) as a nurse, orderly, or other staff member and attempts to carry the baby out undetected. I seriously doubt that anyone who goes to that much trouble will forget to include cutting the RFID tag off. I might be wrong, but I’m glad I didn’t have to bet my child on it.

As Schneier accurately notes, the risk of malicious baby theft is extremely low, but given the unwillingness to accept risk by either party (parent or hospital) combined with the low cost of the countermeasure and other risk reduction benefits, the RFID tags make perfect sense in this case.

When the iPhone shipped, much ado was made both of the product itself, but also what a great job Apple had done keeping the details of the phone a secret until it was launched at the Consumer Electronics Show.

Based on research I’ve been doing, however, much of the technical information about Apple’s new iPhone was known prior to launch. The details of the radio (Quad band GSM, EDGE, wi-fi), the rough feature set (phone, data, video, camera, etc.), the touchscreen, even the softball guess of what the form factor would be (”stylishly ceramic and glossy”*) had all been accurately conjectured (or leaked) prior to launch. The only data point which seemed to be completely wrong was the pricing.

And yet, when Steve Jobs took to the stage yesterday and finally took the iPhone out from under wraps, it still blew everyone away. Despite everything that had been leaked or guessed, Apple was still able to keep the “Secret Sauce” a secret until product launch. How? The short form is that they Play Offense.

First, to ensure that leakers are identified as soon as possible, they use counter-espionage techniques in their product processes:

The report notes that Apple provides different code names to different departments to help track down any leaks and that it also keeps disclosure lists about who is briefed on each product. The report also says that when employees receive documents containing sensitive information about unannounced products, the documents are often watermarked with the recipient’s name–a practice that is meant to discourage carelessness.

Next, as ArsTechnica notes Apple isn’t above a healthy dose of Big Brother to keep the lid on things:

Apple also reportedly monitors employees’ surfing activity during the day—not a surprise, as most companies do this to some degree or another—but scolds employees who spend too much time reading “rumor sites,” specifically, while at work. I suppose it makes sense—employees who find out too much via rumor sites might be able to then verify the rumors around campus based on what they already know from the Internet, which is something Apple doesn’t want. The more secrecy, even among employees, the better.

So it’s not entirely the Cult of Apple. While their employees might be more loyal than those of other companies, they still leak information. Sites like ThinkSecret even provide contact information with explicit instructions on how to encrypt information and use anonymous email.

Nevertheless, when something does get out, Apple does’t hesitate to sic the lawyers on the leaker and/or the leak publisher, even though those publishers are some of their biggest fans:

Apple recently sued the proprietor of the ThinkSecret.com insider news site for publishing general information on the Mini and Shuffle — what Apple considers trade secrets — before their official announcement at Macworld. Plus, Apple is preparing subpoenas for two other sites, Apple Insider and PowerPage.org, to force them to divulge their inside sources on a product code-named “Asteroid.”

It can’t hurt that Apple doesn’t hesitate to sic their lawyers on anyone who publishes what they consider to be Trade Secrets, even those people fanatic enough about their products to run fan sites. This certainly reduces the window of exposure (and with it the likelihood) when selfishly disclosed information could be obtained by an competitor.

The end of Apple’s product security may be coming, however. Not because their techniques aren’t effective, but because of structural changes in how they run their business.

A new report suggests, however, that Apple’s secrecy may disintegrate over time due to expanding relations with other firms. “They keep acquiring more and more partners, and as they do that their ability to keep a cone of silence around the company is becoming more difficult,” said Roger Kay, president of Endpoint Technologies Associates. “They love the secrecy because they get a big bang out of it. But that’s going to erode slowly because their partner ecosystem keeps getting bigger all the time.”

This is a fairly logical outcome as more people who don’t feel ownership of the Cult of Apple won’t have the same emotional commitment to keeping those secrets. As more of Apple’s product development process is outsourced, they will see an increase in the number and detail product leaks as well as leaks occurring earlier in the product development cycle.

Perhaps product secrecy is a valuable piece of Apple’s brand, but Apple management seems to have decided that it’s not as valuable as the cost savings that outsourcing more and more of their supply chain brings.

* I lost the link to this quote, but I promise I’m not making it up.

Finally, someone says something sane about the so-called “war on terror.”

The director of public prosecutions, Ken Macdonald, warned Wednesday of a “fear-driven and inappropriate response” to the new threat that could lead to the abandonment of respect for fair trials and due legal process.

In a speech to the Criminal Bar Association, reported by the Guardian newspaper, Macdonald rejected the assertion that a “war on terror” was being played out in Britain.

“On the streets of London, there is no such thing as a ‘war on terror’, just as there can be no such thing as a ‘war on drugs’, said Macdonald, who heads the Crown Prosecution Service (CPS).

“The fight against terrorism on the streets of Britain is not a war. It is the prevention of crime, the enforcement of our laws and the winning of justice for those damaged by the infringement.”

The Director of Public Prosecutions is the top prosecutor in England and Wales. There’s not really an exact analog between the UK and United States, but it would be similar to the Director of the FBI saying something this here in the US.

I’ve always found it more than a little bit ironic that fear seems to be the number one driver of “anti-terror” measures which usually consist of nothing more than revoking civil liberties in an apparent attempt to create the same sort of repressive state which produces people frustrated and disempowered enough to resort to terrorism in the first place.

From the New York Times, I learned about Airport Security, a flash game where you have to be the screener:

As little animated passengers march up to the checkpoint, you must click on icons of various prohibited items depicted in their carry-on bags or on their persons, while not letting the lines back up. (A laptop without a mouse is not advisable).

The trick is, news flashes on the bottom of the screen keep changing the rules on what’s allowed and what’s not. You have to be quick to click on newly prohibited or allowable items, among them Sioux war bonnets, tubes of Preparation H, cattle skulls and conch shells.

The voice announcements are also maddening and distracting, just like real airports. “Attention all passengers: Please be advised that transporting any object through security is discouraged,” one says. “Mr. John Smith, please pick up your underpants at the west security booth,” says another.

There are three skill levels: fickle, arbitrary and knee-jerk.

Online reviews of the game are, let’s say, mixed. “It’s kinda stupid,” writes one critic. “It’s the best game in the world!” raves another. I’ll just say it’s somewhat stupid, and requires fast reflexes and an ability to adapt to absurd and arbitrary rules changes.

Just like real airport security.

I think I’m more in the “kinda stupid” camp on it, but I’m still wasting time with it, so maybe it’s not the one who’s stupid.

I found this story about death rates of released convicts fascinating:

During their first two weeks out of prison, former convicts have a nearly 13 times greater risk of death than the general population, according to a study published today of more than 30,000 former inmates.

I saw that opening paragraph and immediately started conjuring scenarios where either increased risk appetite led to dangerous behavior or forgotten subconscious countermeasures of everyday life, which in turn led to dead ex-cons. Things like bar fights which escalated into shootings or forgetting to look both ways before crossing the street.

I was kind of right.

The leading cause was overdose of illegal narcotics, the researchers found.

Though the study did not look at the reason for the high number of drug overdoses, the researchers surmised that the stress of release and the ex-prisoners’ reduced tolerance to drugs after their sentences were major factors.

“If people have been avoiding drug use and they return to their usual doses after release, they will have lost tolerance,” said lead researcher Dr. Ingrid Binswanger, of the University of Colorado Health Sciences Center.

It’s not just drug overdoses, though. Over the 1.9 years that the 30,237 inmates were tracked:

While 87 percent of ex-prisoners in the study were men, the risk of death for the women was 5.5 times higher than for other women in the state.

Experts said there is no reason the Washington state findings would not apply nationwide.

Over the entire study period, a total of 443 of the people died. Their death rate - adjusted for age, sex and race - was 3.5 times greater than that of the general population.

They died at a higher rate for every major cause of death: 12.2 times the rate for drug overdose compared with the general population, 10.4 times for homicide, 4.7 times for liver disease, 3.4 times for suicide, 3.4 times for motor vehicle accidents, 2.1 times for cardiovascular disease and 1.7 times for cancer.

One thing that isn’t in the story is how much worse ex-con’s do than their non-convict peer groups. Criminals sentenced to prison tend to be poor and minorities. Being poor and a minority also tends to increase the likelihood of poor medical care and substance abuse, so I’m not sure which is the chicken and which is the egg here.

What is significant is that the current prison release process is failing both the ex-con’s in their re-integration into society and society as a whole, since those ex-con’s are persistent consumers of civil services:

[Dr. Scott Allen, co-director of the Center for Prisoner Health and Human Rights at Brown University said,] “We are setting than up to fail, both in terms of health outcomes and in terms of recidivism,” he said.

Dr. Scott Chavez, of the National Commission on Correctional Health Care, said the health problems often send ex-inmates to hospital emergency rooms - at taxpayers’ expense - and society gets stuck with other ex-con costs.

Roughly half of them commit a new crime and go back to prison, he said.

Setting people up for failure is a costly way to increase risk for everyone in our society. The programs which might mitigate that risk may seem costly, but compared to the costs that would be avoided if even a small portion of ex-inmates were helped would produce a significant net benefit, both to society and to those people who now might become net contributors to society.