Archive for March, 2007

Getting caught listening

Thursday, March 22nd, 2007

Over at Wired’s 27b stroke 6, they got an item about the FBI’s response to their own rule breaking regarding subpoenas:

The FBI is under scrutiny for asking phone companies for telephone records using fake emergency letters and then not following up with the required legal documents. In a pre-emptive response, the FBI halted the rule-breaking by telling agents that emergency letters no longer had to be followed up, according to this story yesterday from the Washington Post’s John Solomon.

The rule was a compensating control–a formalized requirement to ensure that this “emergency” power was truly only used in emergencies when it could be justified. In a true emergency, there might not be time to fill out the paperwork and walk everything through the approvals workflow. I’m not quite sure what that scenario might be (this is a wiretap, after all–listening to people talk on the phone). Thus, the FBI’s removal of the follow-up rule tells us that their concern is with the risk of getting caught breaking the rules, not with ensuring that the rules are followed.
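To make the compensating-control point concrete, here is an added example (not from the original post) that models an emergency records request with a required follow-up filing. The deadline, record format and sample data are all constructed assumptions; the page gives no numbers. It shows that dropping the follow-up rule empties the violation report without changing how often the paperwork actually gets filed, which is what an overseer should still be measuring.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Assumed deadline for the follow-up paperwork; the page states no figure.
FOLLOW_UP_DEADLINE_DAYS = 30
# Constructed "as of" date for the report (the post is dated March 22nd, 2007).
AS_OF = date(2007, 3, 22)


@dataclass
class EmergencyRequest:
    request_id: str
    requested: date
    follow_up_filed: Optional[date]  # None means the paperwork never arrived


# Constructed sample records; these are not real cases.
SAMPLE: List[EmergencyRequest] = [
    EmergencyRequest("EL-001", date(2007, 1, 5), date(2007, 1, 20)),   # on time
    EmergencyRequest("EL-002", date(2007, 1, 10), None),               # never filed
    EmergencyRequest("EL-003", date(2007, 2, 1), date(2007, 3, 15)),   # filed late
    EmergencyRequest("EL-004", date(2007, 3, 10), None),               # still in window
]


def overdue_requests(requests, today, deadline_days=FOLLOW_UP_DEADLINE_DAYS):
    """Ids of emergency requests whose follow-up is late or missing past the deadline.

    deadline_days=None models removing the rule: the control then observes nothing,
    so the report comes back empty even though no request changed."""
    if deadline_days is None:
        return []
    flagged = []
    for r in requests:
        due = r.requested + timedelta(days=deadline_days)
        if r.follow_up_filed is None:
            if today > due:
                flagged.append(r.request_id)
        elif r.follow_up_filed > due:
            flagged.append(r.request_id)
    return flagged


def unfiled_rate(requests):
    """Share of emergency requests with no follow-up at all, independent of any rule.
    This is the figure an overseer should keep watching once the rule is gone."""
    if not requests:
        return 0.0
    return sum(1 for r in requests if r.follow_up_filed is None) / len(requests)


if __name__ == "__main__":
    print("with follow-up rule:", overdue_requests(SAMPLE, AS_OF))
    print("rule dropped:       ", overdue_requests(SAMPLE, AS_OF, deadline_days=None))
    print("unfiled rate:       ", unfiled_rate(SAMPLE))
```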

Any parent can figure out how this should work. My daughter wants something. Say, a pair of rollerblades. I agree to buy them, but only on the condition that she only skate on the sidewalks or along the bike trails by the lake and wear appropriate safety gear: knee pads, elbow pads and a helmet. Two days later, I look out the office window and see her skating in the middle of the street with no safety gear on whatsoever.

When I go down and tell her to get out of the street, am I going to let her tell me that it’s OK because she decided she no longer needed safety equipment? I don’t think so. I’m going to let her know that this was her one chance to screw up and the next time, I’m going to take the skates away. And if she does it again, the next time she skates it’ll be on a new pair, because it will have been long enough that her feet have outgrown the ones she has now.

Of course, if I were over at the FBI, I’d be scared, too. Wiretapping someone without a warrant is a serious federal felony. Of course, if a bunch of our supposed Top Cops can’t understand that, then things may be even worse in this country than I’d previously assumed.

One of the reasons it was traditionally difficult to get a wiretap warrant was because we-the-people don’t want the government (including the FBI) listening in on our phone calls.

I think now would also be a good time to mention that the Electronic Frontier Foundation has been doing good work fighting for us all in court as part of the NSA Illegal Wiretap suit.


EFF v. AT&T

DRM: Control is not the answer

Monday, March 19th, 2007

Musicload, Deutsche Telekom’s online music store, is feeling serious DRM pain.

Musicload said in a letter distributed last week that customers are having consistent problems with DRM, so much so that 3 out of 4 customer service calls are ultimately the result of the frustrations that come with DRM. In a business where the major music labels expect to be paid well for their source material, the costs of supporting DRM are borne entirely by the music retailers.

(emphasis mine)

While this might initially seem like a clever move on the part of the labels, the whole model falls apart almost immediately. The labels believe they have transferred the risk of piracy by not only demanding countermeasures, but also transferring the costs associated with the countermeasures onto the vendor.

Sure, this is essentially the relationship between merchants and credit card issuers. In that world, if I commit fraud, the retailer I stole from bears the cost, not the cardholder or the issuing bank. There, the responsibility for implementing countermeasures aligns with the loss potential. Even there, though, we have standards like PCI’s CISP, which requires that certain standards of due care be (very prescriptively) met when performing credit card transactions.

Reducing the risk of credit card fraud ensures the continued viability of credit cards as a payment scheme. The merchants may grumble, but ultimately they all seem to feel that the cost of compliance is less than the cost of not accepting credit cards.

In the online music world, however, we’re in a very different place. Here, merchants are being forced to implement countermeasures which give them no benefit–music actually sells better without the encumbrances of DRM–and then the merchant is seen as the Bad Guy when the product that a person legitimately purchased is (in the eyes of the customer) seen as defective.

The fact that DRM exists pretty much exclusively to preserve the revenues and market power of the content industries (movie & music) as a cartel of middlemen just makes its presence that much more bitter. They’re not concerned about piracy–they’re concerned with forcing periodic re-buying of music any time someone else comes up with something innovative.

The only way this approach to “protecting” digital music makes sense is if your real goal is to protect the revenue stream from selling silver discs in plastic cases, as evidenced by the impact of De-RM’ing online music:

Musicload has also tried to differentiate itself by allowing independent music labels to sell their music on the service sans DRM, and the move has reportedly been a success. Championing the “Comeback of MP3,” Musicload said that artists choosing to drop DRM saw a 40 percent increase in sales since December, and that more artists and labels are showing interest.

(emphasis mine)

While I’m too lazy to go look up the source, over 90% of all digital music is sold completely unencrypted in the form of audio CDs. All you need to do to avoid the DRM tax is decide that it’s worth your labor to stick the disc in a computer and hit the “rip” button on your player application–and you still have a shiny silver disc to either sell to the used record store or store until you lose it or damage it beyond use.

(Oh, yeah… h/t Boing-Boing)

A different style of risk assessment

Monday, March 12th, 2007

In the course of my job, I am routinely asked to prepare “position statements” on specific technologies or problems.

Here’s a position statement on the use of integrated surveillance technologies in the UK, albeit in a little different format than we’re normally used to:

(h/t BoingBoing)

Beware the Dating Security Complex

Friday, March 9th, 2007

Adam Shostack has “cluechick” in as a guestblogger at Emergent Chaos to provide some thoughts on background checks for on-line dating.

As I would expect of anyone whom Adam would let put words on his site, she gets it:

Finally, and perhaps the biggest issue, to my eyes, is the possibility that people will use this sort of thing instead of common sense tools like their brains and hearts. Yes, a background check might pull up some tidbit of information that I might otherwise never know, but it can’t tell me that my newfound love is the person I want him to be. A lack of data, after all, is not necessarily a positive finding.

Unfortunately, the vast majority of the readers of the original article probably won’t.

I’ve written previously about both risk homeostasis, of which this is a perfect example, and even specifically about background checks and online dating.

From the original article, “Dinner, Movie — and a Background Check — for Online Daters”:

Kimberly Hall was twice betrayed by men she met dating online. Both turned out to be married.

So she started doing background checks on her dates using a Web site called Intelius. Now, the 33-year-old from Laurel is engaged to a man she met on Blackplanet.com, but even he had to undergo record checks.

“He wasn’t happy” about doing it, Hall said of her fiance. But eventually he turned over his Social Security number.

I’ll bet he wasn’t, given that in the United States, the SSN is still the golden key to access someone’s potential lines of credit. Someone has probably already figured out that they can use a demand for this information as the source of inputs to commit full-fledged identity fraud. It’s an emotionally loaded demand, so it will probably work. Then, the scammer can break off the relationship for something that was allegedly found in the check. It’s the worst security of all: Insecurity in the name of security.

First off, if you’re going to let the presence of countermeasures increase your inherent risk tolerance, you’d better be sure that the countermeasure is actually effective at reducing your residual risk back to the desired level. Unfortunately, the various background checks and other offerings from the “dating security industry” tell you, at best, whether or not this person has been caught yet. Consider the average data quality in a background check database, and you should realize it probably can’t even do that.

As to the idea that a background check can keep someone safe? Puh-leeze. People with Top Secret clearances, which require an investigation a whole hell of a lot more invasive than a credit & criminal database check, commit every kind of crime from murder to espionage to bestiality in front of their friends without getting caught for years. The whole dating security industry is nothing more than another way to separate fools from their money.

The only reasonable suggestion in the whole article is MatchTalk, and it’s just an extension of the core model, not a security feature at all:

Since November, Match.com has gotten more than 500,000 members to test its MatchTalk feature, which uses Jangl’s technology. The service asks for members to enter their phone numbers into the Web site, which generates a phone number that can be used to make calls between the two dating prospects without disclosing their actual numbers. The service is temporary: A couple can give up the temporary number if they get serious or if they call it quits.

MatchTalk was already on the drawing board by the time I left Match, and I thought it was an interesting idea. I took the position that it would be good for revenue, since we thought people would want it (and it sounds like they do from the numbers), but bad from an information quality perspective, since we would lose the ability to do any more than “he-said-she-said” investigation, which we already did enough of even when people sent us transcripts of email conversations.*

Extending the online dating business model from E-mail to IM to Voice fills a real gap in the process, allowing people to get a feel for a person’s real-life timing and presence before they actually meet face-to-face. If the person comes off as creepy on the phone, then the real risk–an in-person encounter going horribly wrong–has been avoided, and that’s a good thing.

So the reporter found some woman in Texas who accidentally dated a murderer. I googled for 10 seconds and found a Houston TV station that invited a convicted rapist to an on-air speed dating event.

What we should all remember at times like this is that the plural of anecdote is not data. Data is what you get when you have a population of almost 20 million people, over a million of them paying you money in any given month to talk to one another, and every time someone gets hurt, you or your staff have to do the research.

The answer is, quite simply, that we had a lower risk of violent crime among our members than the average person looking for love in a bar. Maybe that was because our customers weren’t looking for love while drunk, but that certainly can’t have hurt. Our demographic was divorcees and thirty-somethings who had never married. As a result, our customers tended to be older and thus less likely to commit crimes, period. This may have changed since I left, since the college and twenty-something crowd was being marketed to quite heavily, but my data was that snapshot in time.

Now that’s not to say all was sweetness and light–after all, they paid me and my team for a reason–but on the product security side, we spent a lot more time dealing with (in descending order of frequency):

  • people using our system as a marketing channel for either a competing dating site or porn. If done correctly, it was less than 1/10th the cost for a much better set of prospects than any email address list you could buy. If done fraudulently, it was essentially free.
  • phishing for member accounts for use in above marketing fraud
  • people attempting to commit fraud targeting our customers (e.g. 419 and other advance-fee stuff, Russian Bride scams)
  • Subpoena requests in divorce proceedings
  • credit card chargebacks or fraud complaints to the police, often attempts by cheating spouses to explain away the presence of match.com charges on their credit card statement

That’s not to say that we didn’t have violent crimes or con games between people who met on the site, but I can guarantee that it was a lot less than in a city of equivalent size.

* we did not store or archive message bodies, only subject lines at the time–I have no idea what they do or don’t archive now.