Shostack + Friends Blog Archive


SHB Session 5: Foundations

Rachel Greenstadt chaired. I’m going to try to be a little less literal in my capture, and a little more interpretive. My comments in italic.

Terence Taylor [link to no longer works], ICLS [link to no longer works] (Suggested reading: Darwinian Security [link to no longer works]; Natural Security (A Darwinian Approach to a Dangerous World)). Thinks about living with risks, rather than managing them. There are lessons from biology, not biomimicry, but discovering concepts. Produced Natural Security book [link to no longer works] with an interdisciplinary group. Security is not just about survival, it’s about adaptation to a range of risks. Consider collapse of Soviet Union as adaptive survival, rather than destruction. Core, Russian Federation, is still in place. Risk is good. It’s essential for survival when the world changes. Risk takers are good for our societies, because they are drivers of change. Shows (line) graph of biological risks from natural disease to deliberate misuse. Creeping risks, such as anti-biotic resistance, are hard to address. Critiques safety/security split as inappropriate.

Andrew Odlyzko, University of Minnesota (Suggested reading: Network Neutrality, Search Neutrality, and the Never-Ending Conflict Between Efficiency and Fairness in Markets, Economics, psychology, and sociology of security.) Responds to yesterday’s debate with new slides. “Half a century of evidence: people cannot build secure systems. People cannot live with secure systems.” Half a century (II): people don’t need secure systems. More general: it’s amazing that society functions People are innumerate. We get groceries on the shelf anyway. Main issues are adaptability and survivability. Technologists view cyberspace as a separate world to compensate for defects of human space. Quotes John Perry Barlow’s Declaration of Independence of Cyberspace. Says it should have seemed naive then, and more today. (Who was it that said that all progress is due to the unreasonable?) Comments on interplay between human space and cyberspace, compensating for each other. Claims cyberspace doesn’t matter much. (More really is different) Contrarian lessons for the future: build messy.

danah boyd, Microsoft Research: Taken Out of Context – American Teen Sociality in Networked Publics Link is to dissertation, really long, but worth scanning. Will cover two case studies. Study 1: lies. What do teenagers lie about online? Profiles that claim to be 95 year old from Christmas Island, graduating from high school in NJ in 2011. Lots of people from Algeria, Zimbabwe (first and last in list). Lots of 61, 71 (16, 17). Random selection of ages. Birthdates are accurate, years are not. What people lie about is dependent on safety. Kids are told to lie. “COPPA has encouraged an entire generation of liars.” Put in inaccurate info to protect selves.
Study #2: password sharing. 22% of teens in 2001 shared passwords (PEW). Found almost all teens have shared passwords with at least one person–at least their password. Share passwords with significant other, of BFF. It’s about trust. If I don’t share, someone might think I have something to hide. Change passwords before breakup. Sharing is core of a lot of bullying. Teen relationships last about a week and a half. Summarize: people invested in security bring a lot of thoughts about what what should be. Teenagers: our “shoulds” don’t matter. Facebook 25 things meme was different based on conception of audience. Adults: writing for ex-friends from high school. Teens: funny bits for current friends. Can’t think about security without thinking about how young people are thinking about privacy. Teenagers don’t think privacy is dead. Teens are taking a set of lessons from public people (celebrities). Angelina Jolie puts lots of information out to allow her to hide what’s important to her. boyd sees teens using techniques from high-censorship regions: puns, context, subtexts. Teens have not lived in privacy world we live in. Teens have no sense of home as a private zone; no control of who can enter their space. Privacy is about a sense of control. Control in a social media context is about how information flows. How far, who will understand it? “Privacy is getting complicated, getting messy.” (Getting complicated?!)

Mark Levine, Lancaster (Suggested reading: The Kindness of Crowds; Intra-group Regulation of Violence: Bystanders and the (De)-escalation of Violence) Groups and violence. Traditional psych of social order: mob violence, mass hysteria. “It’s all negative.” “Other people will do it not us.” Wants to persuade us that groups can also be good. Studies data from CCTV. Notes issues with CCTV overall, but focuses on incidents identified by camera incidents. Operators are trained. Advantages: see in real time. Disadvantages: no info about individuals, event, relationships, no history or sound. Shows video, people intervene. Predictions from traditional psych: as groups grow, de-individuation. Increasing anti-social acts. Diffusion of responsibility. Actual observation: larger groups, increase incidence of de-escalatory behavior. Third turn in sequence (escalation/de-escalation) is the one that tends to be predictive. More people involved but when lots of people say stop, pro-social outcomes happen. “How do we fix the world? When it comes to violence, group processes are part of the solution, not part of the problem.”

Jeff MacKie-Mason, Michigan (Suggested reading: Humans are smart devices, but not programmable; Security when people matter; A Social Mechanism for Supporting Home Computer Security) Security problems = incentive problems is primary assertion. (How does that relate to Andrew’s point re: we don’t know how to make secure systems?) Humans are responsive and smart. Argues that Google put sponsored links in place in part to overcome SEO & google-bombing. How can we design to use economics? Sciences of motivated behavior: microeconomics, strategic rational choice (game theory), social psychology, personality psychology. Says we can use signal theory to keep bad guys out. Passwords & captchas. Principles for design tradeoffs: relative costs to auth & not-authorized users…Get good guys to help: private provision of public goods. botnets. Address with economic philanthropy theory, non-monetary contribution theory: social norms, social identity, positive self-esteem, optimal distinctiveness, affiliation. (Lots of psych). Problem: discourage delinquency. Apply hidden action theory. Contracting theory, social comparison theory: leaderboards, dissing, etc.) Summary: humans are smart devices who respond to design motivations.

Questions while Joe sets up: Peter Neumann asks Jeff “what about all the Chinese folks who’ve never patched because they’re using pirated system?” Jeff: not sure, but perhaps the ISP could carry burden. Mike Roe asks Mark Levine: is system he showed social norms or figuring out how outnumbered you are? Critical thing is that the third turn not “de-escalate” the interveners. Levine has data on third punch.

Joe Bonneau (Suggested reading: The Privacy Jungle: On the Market for Data Protection in Social Networks.) Spends time hacking Facebook & other social networks. Caricatures of views: security researchers: social networking is pointless and childish. Facebook developers: privacy is boring, difficult and outdated. Why bother with the mess? Shows growth of facebook. (Claims that that means it will stick around.) People underestimate what facebook is: it’s a re-implementation of the “entire internet.” Replaces HTML with FBML. Craiglist with Facebook marketplace. Re-invented the internet with centralized, proprietary and walled with the addition of social context. “Given sufficient funding, all web sites expand in functionality until users can add each other as friends.” (JWZ: “I want to write software that will help people get laid.” 1996?) Social networking repeat all the web’s problems. Phishing, spam, id theft, malware, stalking. (So what value does all that “social” add?) Shows example of a 419 scam on Facebook. Shows example of Scramble asking for permission to view friend info. Conclusion: Negative: Social context aids phishing and scams; fun, noisy, unpredictable environment; people use social networking with brain off. Positive: can analyze graphs to spot fraud, social connections can help establish trust.

Question from John Mueller for Terry: nature responds to sustained change, not momentary. Connects to anthrax. Terry: when you get something perceived as catastrophic, adaptation is odd. Human reactions are faster, less sustained. Already there’s reaction to post office spending $6.5 billion. Over-investing in one place made the US more vulnerable to other, more common events.

Diana Smetters comments to Joe. Mark Sieden has suggested looking at social networks of bad guys.

David Livingstone Smith comments that adaptions continue if it propagates the genes. Adaptive traits can be damaging to individuals while increasing gene propagation. Asks Terry to comment on how well analogy is working in security domains. Looking at organisms, they adapt in ways which are collective. (Cicadia spending different numbers of years underground.) Andrew Odlyzko comments that the addition of learning changes things. Commented on financial rating agencies negotiating sludge in CDOs; analogy to AV companies advising virus writers.

Allan Friedman comments interesting response to a talk yesterday, maybe we’re not screwed. Asks danah for insight into how resistant “digital natives” will be to fraud. danah says that these populations are not understanding of systems. “Digital natives stuff is bullshit.” Reliance on Google is huge. They don’t check links. Lose passwords more often than stolen. Teens are vulnerable to phishing, leave systems. MySpace has huge problems, Facebook getting bad. Joe adds that he spends an hour a day looking at privacy settings, doesn’t understand them. danah says the one thing saving most teens is fear of parents, college admissions officers. Teens also jump systems fast. Joe says “they build their own security on top of one they don’t know how to use.” Jeff Friedberg asks about teen models of trust boundaries, and do systems represent trust boundaries well? danah says system/teen match is dreadful. Lots of dependencies on socio-economic status over age. Relations to extended families is very different between low & high income. Mid-to-high income kids more likely to trust peers. (maybe related to societies with effective formal problem resolution?) Can’t manage things like “on the out with mom” on network. Formalization of these things is not reflective of real world.

[Update: Bruce Schneier’s post is here. Matt Blaze has audio [link to no longer works].]