{March 14, 2010}   Toyota Software

Toyota has been much in the news lately because of questions about the performance of a variety of their cars.  In the interest of full disclosure, I should say that I’ve owned four cars in my lifetime–two Fords and two Toyotas (my current car is a Scion which is a division of Toyota).  When I was 14, I learned to drive a standard using my father’s company trucks, teeny tiny Toyota pickup trucks.  So I have been a fan of the company. 

But I think the company’s response to reports about problems with unexpected, uncontrolled acceleration has been quite problematic.  And this response made me realize how scary a situation we are all in when it comes to our cars, no matter the make or model.

I’ve understood for a long time that our cars are increasingly controlled by a computer.   I think this realization came upon me gradually, as my check engine light came on over the years and increasingly computers could read whatever the problem was based on diagnostic codes.  I was a software developer for a long time and I believe we are placing too much trust in software. The Toyota issue is another piece of evidence that we are placing too much trust in software.

When I first started hearing about the Toyota recalls, the discussion was all about the unexpected acceleration being caused by gas pedals that get stuck or by floor mats that get wedged under the brake pedals.  These mechanical explanations for the problem are comforting because they can be fixed fairly easily.  Just replace the shaft of the gas pedal or the floor mats and the problem goes away.  Toyota would certainly like us to believe that the problem is mechanical and not a problem with the software.  They have implied that the National Highway Traffic Safety Administration’s report indicates that misplaced floor mats have caused all of the acceleration problems.  Unfortunately for Toyota, the NHTSA’s report simply said that they had found no other problems–yet.

So here’s the thing.  Software is complex.  The way software interacts with hardware is even more complex.  Finding bugs in software is sometimes incredibly difficult because it is impossible, in a complex system, to anticipate and test every single combination of conditions.  As a result, bugs in software can raise their ugly heads intermittently for years before they are discovered.  Software developers should understand this.

Whenever possible, if lives depend on the integrity of a software system, an override should be built into the system.  In the case of Toyota vehicles (and cars of any other make), this means that there should be some sort of mechanical override of the software system.  An easy override would be that when the key is turned off (which should be a mechanical process unmediated by software–this is clearly not the case), the computer should shut down and the brakes should go into mechanical mode, which means it will be more difficult to brake but braking should still be possible.  Apparently, this does not happen in Toyota vehicles since a driver in California recently had a high profile case of unexpected acceleration.  Scrutiny has turned to the past of the driver in that case (he has had significant financial problems in the past) but even if this case turns out to be a hoax, Toyota should seriously reconsider any decisions they have made to rely exclusively on their software.  Even the best software has bugs.

One of my favorite shows on NPR is On The Media.  Each week, the hosts examine a variety of topics related to the media, mostly in the US.  I hear the show on Sunday mornings on New Hampshire Public Radio.  On February 26, 2010, the show aired a story called “The Watchers.”  It brought me back to my graduate school days and my academic roots in computer science, specifically in pattern recognition and machine learning.

The story was about the value of the massive amounts of data that each of us leaves behind as we go about our daily electronic lives.  In particular, John Poindexter, convicted of numerous felonies in the early 1990’s for his role in the Iran-Contra scandal (reversed on appeal), had the idea that the US government could use computers to troll through this data, looking for patterns.  When I was in graduate school, deficit hawks were interested in this idea as a way to find people who were scamming the welfare system and credit card companies were interested in using it to ferret out credit card fraud.  Then George Bush became president and 9/11 occurred.  Suddenly, Poindexter’s ideas became hot within the defense department.

In 2002, Bush appointed Poindexter as the head of the Information Awareness Office, part of DARPA, and Poindexter pushed the agenda of “total information awareness,” a plan to use software to monitor the wide variety of electronic data that we each leave behind with our purchases and web browsing and cell phone calls and all of our other modern behaviors.  The idea was that by monitoring this data, the software would be able to alert us to potential terrorist activity.  In other words, the software would be able to detect the activities of terrorists as they plan their next attack.

The On The Media story described the problems with this program, problems that we knew about way back when I was in graduate school in the early 1990’s.  The biggest problem is that the software is overwhelmed by the sheer volume of data that is currently being collected.  This problem is similar to the problem of information overload in humans.  The software can’t make sense of so much data.  “Making sense” of the data is a prerequisite for being able to find patterns within the data.

Why do we care about this issue?  There are a couple of reasons.  The first is that we’re spending a lot of money on this software.  In a time when resources are scarce, it seems crazy to me that we’re wasting time and money on a program that isn’t working.  The second reason is that data about all of us is needlessly being collected and so our privacy is potentially being invaded (if anyone or any software happens to look at the data).  Poindexter’s original idea was that the data would be “scrubbed” so that identifying information was removed unless a problematic pattern was identified.  This particular requirement has been forgotten so that our identifying information is attached to each piece of data as it is collected.  But I think the main reason we should care about this wasted program is because it is another example of security theater, which I’ve written about before.  It does nothing to make us actually safer but is instead a way of pretending that we are safer.

When I was in graduate school, I would never have thought that we would still be talking about this idea all these years later.  Learning from the past isn’t something we do well.

{January 13, 2010}   Google in China

Google has received lots of criticism from human rights activists since it started to do business in China in 2006.  The criticism is focused on Google’s willingness to comply with Chinese official demands for censorship of information.  For example, when the Olympics were held in Beijing in 2008, Google censored criticism of the Chinese government from groups such as Human Rights Watch. When presenting search results, they put a disclosure statement on the search page that said something like “in compliance with local laws or regulations, some search results are missing.”  This has been a case of the lure of a huge Chinese marketplace triumphing over principles.  The lure of money can do that to even the best of companies.

Today, however, Google has decided to change its policies in China.  Apparently, the decision to change came when Google discovered their systems had been the target of hacker attacks attempting to break into the GMail accounts of Chinese human rights activists.  Although the official statement never explicitly accuses the Chinese government of being behind these attacks, the implication is there.  Imagine the disillusion in the Google front office when they realized that even though they were cooperating with the Chinese government, that cooperation was not appreciated, was not enough.  And so now, Google has said that they will stop censoring search results and may even end up pulling out of the Chinese market altogether.  If they do pull out, it could mean the loss of billions of dollars.  This is a significant decision and I hope Google benefits in other parts of the world for having made this decision.  In other words, I hope we hear as much praise for Google having made this decision as we heard criticism of their censorship concessions.

US companies continue to cooperate with the Chinese government in maintaining control of information getting into China.  The next company that should receive pressure to stop collaborating is Cisco Systems, which builds the hardware for the Great Firewall of China, run by the Chinese government to block information deemed offensive or dangerous from getting to the average Chinese Internet user.

So hooray for Google.  Let’s hope their experience is a lesson for other telecommunications companies.

{December 28, 2009}   Even More Security Theater

By now, you’ve probably heard about the thwarted terror attack on a flight bound for Detroit.  If you haven’t heard details, Umar Farouk Abdulmutallab attempted to light his underwear on fire to set off explosives (the same explosives that Richard Reid–the shoe bomber–used).  He failed to ignite the explosive materials and passengers and crew jumped him and put out the fire.

We’re still living with the legacy of Richard Reid’s attack.  Every time we fly, we have to take our shoes off for special screening.  So I would have expected the TSA response to Abdulmutallab’s thwarted attack to be … well, that every time we fly, we all have to take our underwear off for special screening.  Makes sense, doesn’t it?  But imagine the outcry from the public if we had to get naked in order to fly.  And so, naturally, that is NOT the TSA response.  Instead, the TSA has come out with a set of rules that make it incredibly obvious that none of this is about actually making us safer but is instead about responding in some way, in any way, so that people FEEL safer.

What are the rules?  Most of them have to do with limiting passenger behavior during the last hour of a flight.  Why the last hour?  Because that is when Abdulmutallab chose to initiate his attack.  There is absolutely nothing special about the last hour of a flight.  Why not the first hour of a flight?  Because this is about security theater rather than actual security.  So, during the last hour of a flight, you may not be able to use the bathroom or access your carry-on baggage or (and this is my favorite rule) have a pillow or blanket over your lap.  Because that’s where your underwear is, of course.

Feel safe?

{December 17, 2009}   Security Theater Revisited

I’ve written about the theater of airport security before.  Now here is an excellent piece written by an ex-cop about why airport screening fails to keep us safe and is really all about the illusion of security.  Her interesting observation at the end of the piece is that she believes more and more people are beginning to realize it’s all an illusion and that will mean that fewer people will be willing to comply.

Unless you have been on an island somewhere lately, you probably know that Eunice Kennedy Shriver has been hospitalized for the past few days and died this morning at age 88.  The achievement she is most well-known for, of course, is founding the Special Olympics.  She often cited her sister Rosemary as the inspiration for founding the Special Olympics, a fact that has been mentioned many times in the past few days.  I heard an interesting comment about Rosemary on NPR today.  The reporter said that Rosemary herself lived a very long life but had to be institutionalized for much of it because of her mental retardation.  I think this is actually a false statement. 

By all accounts, Rosemary’s mental retardation was mild.  In fact, there is some dispute as to whether she was mentally retarded at all.  But as an adolescent and young adult, she had violent mood swings and became difficult to control.  Her parents heard about a radical new procedure that could mellow out those mood swings and met the man who performed the procedure.  The man they met was Walter Freeman, whom I have written about before.  He popularized the lobotomy in the United States and performed thousands of them, including one on Howard Dully when Dully was twelve years old.  Dully went on to write the amazing memoir My Lobotomy, revealing that he probably is able to function as well as he does precisely because the procedure was performed when he was so young and his brain was able to recover.  Rosemary Kennedy was not as lucky.  Freeman performed the procedure on her when she was 23 years old and it left her with the mental capacity of an infant, incontinent and unable to speak.  She was institutionalized for the rest of her life.  Rose Kennedy (Rosemary’s mother) is said to have considered Rosemary’s incapacitation via the lobotomy to be the first of the Kennedy tragedies.  So it was Walter Freeman and his revolutionary procedure that caused Rosemary to be institutionalized for most of her life, not her mental retardation.

{July 18, 2009}   New Kindle Developments

I was talking to my dad tonight about the Kindle.  He’s a fan and wants one, but feels as though he doesn’t read enough to justify the expense.  I’ve written about the Kindle before and have said that I have a problem with Amazon’s high pricing of electronic books.  Now Amazon has screwed up in another way and I have mixed feelings about that.

Recently, Amazon removed all traces of the digital versions of two of George Orwell’s classic novels, 1984 and Animal Farm, from their web site so that Kindle users can no longer purchase them.  That action is not controversial.  Amazon’s other actions, however, are controversial.  Amazon also removed all digital traces of the novels from the Kindle devices of users who had purchased the novels.  It turns out that the publisher who sold Amazon the rights to distribute the novels did not actually own the copyrights (in the US) for them.  When Amazon determined that they were illegally selling the digital versions of the novels, they stopped selling them.  But they also retroactively removed the digital versions of the novels from those who had purchased them.  People in the blogosphere writing about this issue have conflicting ideas concerning Amazon’s reaction.  Some are outraged while others think Amazon did the right thing.

The difference in these two points of view comes down to values.  Those who think Amazon did the right thing liken this to the police confiscating a stolen car from your driveway.  You never had the right to own the item, whether you purchased it knowing it was stolen or not.  Those who think Amazon did the wrong thing believe that the users had purchased the item in what they thought was a legal manner and, therefore, Amazon should have left well enough alone.  In fact, many are making the argument that situations such as this are arguments against digital distribution of content since the ownership of digital content is so ephemeral.  The truth seems to be somewhere in between these two extremes, I think.  There are two reasons that this is not the same as the police confiscating a stolen car.  First, Amazon had a duty to determine that they were selling a legal product.  They failed in this duty and should be held liable in some way for that failure.  Second, once Amazon discovered their error in illegally selling the product, they were less than forthcoming about the remedy.  They did refund the purchase price of the novel but they didn’t clearly explain what had happened and clearly notify those who had purchased the novels that they were being removed.  Instead, Amazon surreptitiously removed the novels from the Kindle devices.  That’s wrong.  On the other hand, Amazon is not the devil in this situation.  They honored the copyright of the novels and, most importantly, they refunded the purchase price.  They tried to do the right thing.

As in so many situations, the real issue here seems to be about Amazon’s lack of forthrightness about the issue once it was discovered.  The cover-up of the crime once again turns out to be worse than the crime itself.  Did we learn nothing from Watergate?

{June 19, 2009}   Travesty of Justice

The Supreme Court yesterday ruled in a case from Alaska that the state does not have to provide physical evidence (which the state still has) to a man who has been in prison for 16 years for the purposes of new DNA testing (which the man has agreed to pay for himself).  Ed Brayton provides an excellent analysis of the case and explains the negative impact of the decision on our justice system.

{May 30, 2009}   Recycling

If you’re anything like me, you probably have a couple of old, unused computers lying around your house gathering dust.  In my house, we had six computers until recently, two very old desktops, two relatively old laptops and two new laptops.  We had accumulated these six computers in just 11 years since we had a fire in 1998 which destroyed most of our belongings, including our computers.  It’s amazing how quickly we accumulate new computers.  A lot of this quick accumulation is the result of planned obsolescence, the idea that computer manufacturers design computers to either fail or not be able to keep up with newer technology in a certain period of time.  And then, of course, there’s the question of what to do with the old computer when we get a new computer.  In fact, the EPA estimates that 30-40 million computers will become surplus each year for the next several years.  The EPA also classifies these surplus computers as “hazardous household waste” so simply dumping the computer into a landfill is dangerous.

When I purchased my newest laptop, I got a form to send in along with my old computer so that it could be recycled.  The problem with this form for me was that I really wanted to recycle the old desktop computers but they are HUGE and I really didn’t want to pay for the shipping even though the recycling itself would be free.  So I decided to check out the options at my local transfer station.  It’s a “transfer station”–not a “landfill”–so I was hopeful that they’d have a solution for me.

It turned out that for $8 each, I could dispose of both of the computers at my local transfer station.  I believe $5 of the $8 was for the monitor.  Apparently, the glass in the CRT of the monitor contains a high amount of lead.   The tower portion of the computer contains mercury, cadmium and fire retardant.  The mouse, keyboard, speakers and so on apparently don’t contain hazardous waste although since they are made of plastic, they still should not end up in a landfill. 

My local transfer station hires a company to take away the hazardous portions of the computer and that’s why we have to pay a fee.  When I placed the monitors and the towers in the appropriate sections of the transfer station, I noticed that there were upwards of 50 other systems there, many of which were far older than mine and which looked like they had been there for a long time.  I live in a really small town and so I do imagine that it would take a while to accumulate the number of systems that would make a trip to the town by the recycling company worthwhile.  Since we’re a small town, our transfer station is completely out in the open, with no building covering any of the materials dropped off there (which raises a whole other issue of what happens when paper gets wet and the fact that we pay by weight to have it taken away).  So I did wonder what the environmental impact of having those computer systems sit out in the weather for all these years might be.  But at least they won’t end up in a landfill.

{May 23, 2009}   Security Theater

Nothing captures the public’s attention like a named killer.  Jack the Ripper.  The Boston Strangler.  Son of Sam.  Zodiac.  The Night Stalker.  The Green River Killer.   Last month, a new name was added to this list: The Craigslist Killer.  It turns out that Philip Markoff, the medical student who was arrested (and who has pled not guilty) for the murder of Julissa Brisman in Boston, is not the first killer dubbed “The Craigslist Killer.”  In fact, quite a few murderers who met their victims via the popular classified advertising site have been dubbed “The Craigslist Killer.”  What’s interesting about this latest murder, however, is the response from the administrators of Craigslist.

Police claim Markoff had attacked several other women in the days leading up to his alleged murder of Brisman.  He apparently found his victims on Craigslist in the “Erotic Services” section of the online advertising site (although it isn’t clear that all of them were found in that section–I’m making an assumption based on Craigslist’s response to the murder).  An earlier victim, for example, had advertised as an exotic dancer.  Brisman advertised her services as a masseuse.  When Brisman was shot, Markoff was allegedly attempting to restrain her, presumably as a prelude to robbing her, as he had his earlier victims.  By all accounts, Markoff is an unlikely suspect, a Boston University medical school student with no criminal record and no history of legal problems.

In the wake of this murder and series of crimes against women, several attorneys general have called on Craigslist to do something to prevent future use of the web site by predators.  Craigslist has responded.  They will remove the section called “Erotic Services” and replace it with an “Adult Services” section that will be “monitored” by Craigslist employees.  Any sexually suggestive advertisements will expire after seven days.  This response appears to have satisfied the attorneys general for now but to me, this is an example of what Bruce Schneier has called “security theater,” an action which is about making us feel safer without any real consequence to actual safety.

To see what I mean by this, think about the Brisman case.  She was advertising her services as a masseuse.  I’m not sure whether her advertisement was under “Erotic Services” but let’s assume it was.  I’m also not sure whether her advertisement was sexually suggestive but again, let’s assume it was.  So if someone were to write the exact advertisement that she had used today, Craigslist employees would review it and presumably decide it was one of the ads that needs to expire in seven days.  In those seven days, many Markoff clones would review that ad and presumably call for those services.  Is the woman now any safer than Brisman was?  And after the ad expires, the woman will now write a new ad.  Does the fact that her ad expired in seven days make her any safer?  And what is more likely to happen is that the woman advertising masseuse services will NOT write a sexually suggestive ad (because she knows that it will expire in seven days) and will, therefore, NOT have her ad expire in seven days.  Is she any safer than Brisman was?

It is completely unclear to me how a Craigslist employee reviewing “Adult Services” advertisements could have saved Julissa Brisman.  So perhaps what we should be calling for is the complete elimination of both “Erotic Services” and “Adult Services” advertisements.  Brisman was advertising as a masseuse.  Do we want to go so far as to claim that ALL massages have an underlying erotic dimension and that they therefore should ALL  be banned from advertisement?  Why don’t we ban those advertisements from all newspapers, both in print and online, then?  In fact, there have been many murders in which the murderer and victim met through newspaper classified ads (just google “lonely hearts killers” to get a sense) and yet those advertisements have not been banned.  Maybe they should be.  But then we should also ban all advertisements for masseuse services from the Yellow Pages, right?  In fact, maybe we should ban massages altogether. 

The response by Craigslist to the fact that an alleged murderer met his victim via their web site is all about theater, about making us feel safer rather than really making us safer.  In actuality, nothing could have stopped Markoff from robbing someone and in those robberies, someone who resisted him was likely to get injured and perhaps even killed.  Why do we need to kid ourselves otherwise?

