Quotulatiousness

April 7, 2014

US government data security failures

Filed under: Bureaucracy, Government, Technology — Tags: , , , , — Nicholas @ 09:02

David Gewirtz says that the press has totally mis-reported the scale of government security breaches:

Summary: This is one of those articles that spoils your faith in mankind. Not only are government security incidents fully into holy-cow territory, the press is reporting numbers three magnitudes too low because someone misread a chart and everyone else copied that report.

You might think this was an April Fool’s gag, except it was published on April 2nd, not April 1st.

According to testimony given by Gregory C. Wilshusen [PDF], Director of Information Security Issues for the Government Accountability Office to United States Senate Committee on Homeland Security and Governmental Affairs that, and I quote, “most major federal agencies had weaknesses in major categories of information security controls.”

In other words, some government agency data security functions more like a sieve than a lockbox.

Some of the data the GAO presented was deeply disturbing. For example, the number of successful breaches doubled since 2009. Doubled. There’s also a story inside this story, which I’ll discuss later in the article. Almost all of the press reporting on this testimony got the magnitude of the breach wrong. Most reported that government security incidents numbered in the thousands, when, in fact, they numbered in the millions.

Emphasis mine. Here are the actual numbers:

Incidents involving personal identifying information grew from about 10.5 million in 2009 to over 25 million last year. By the way, some press reports on this misread the GAO’s charts. For example, the Washington Free Beacon wrote about this, claiming “25,566 incidents of lost taxpayer data, Social Security numbers, patient health information.” What they missed was the little notation on the chart that says “in thousands,” so when they reported 25,566 incidents, what that really reads as is 25,566 x 1000 incidents.

2014 GAO analysis of security breaches

This is an example of how the Internet echo chamber can get information very, very wrong. The Chicago Tribune, via Reuters reported the same incorrect statistic. So did InformationWeek. So did FierceHealthIT. Business Insider picked up the Reuters report and happily repeated the same statistic — which was three orders of magnitude incorrect.

This is why I always try to go to the original source material [PDF] and not just repeat the crap other writers are parroting. It’s more work, but it means the difference between reporting 25 thousand government breaches and 25 million government breaches. 25 thousand is disturbing. 25 million is horrifying.

The Non-Libertarian Police Department

Filed under: Law, Liberty, USA — Tags: , — Nicholas @ 08:37

I linked to Tom O’Donnell’s “Libertarian Police Department” article last week. This week, Conor Friedersdorf presents the Non-Libertarian Police Department. The difference is that O’Donnell’s department doesn’t exist, while Friedersdorf is describing far too many actual police departments:

I can laugh along with parodies of libertarian ideology. But shouldn’t a reductio ad absurdum start with a belief that the target of the satire actually holds? Tom O’Donnell proceeds as if libertarians object to the state enforcing property rights – that is to say, one of the very few state actions that virtually all libertarians find legitimate! If America’s sheriffs were all summarily replaced by Libertarian Party officials selected at random, I’m sure some ridiculous things would happen. Just not any of the particular things that were described. That isn’t to say that there weren’t parts of the article that made me laugh. It got me thinking too. If the non-libertarian approach to policing* was the target instead, would you need hyperbole or reductio ad absurdum? Or could you just write down what actually happens under the officials elected by non-libertarians? It is, of course, hard to make it funny when all the horrific examples are true:

I was just finishing up my shift by having sex with a prostitute when I got a call about an opportunity for overtime. A no-knock raid was going down across town.

“You’re trying to have your salary spike this year to game the pension system, right?” my buddy told me. “Well, we’re raiding a house where an informant says there’s marijuana, and it’s going to be awesome – we’ve got a $283,000 military grade armored SWAT truck and the kind of flash grenades that literally scared that one guy to death.”

“Don’t start without me,” I told him. “I just have to stop by this pawn shop. It’s run by some friends of mine from ATF. They paid this mentally disabled teenager $150 dollars to get a neck tattoo of a giant squid smoking a joint. Those guys are hilarious.”

Nick Gillespie on the politics of exhaustion

Filed under: Politics, USA — Tags: , , — Nicholas @ 08:13

Writing in the Daily Beast, Nick Gillespie looks at the terrifying prospect of a 2016 presidential contest between yet another Bush and yet another Clinton:

For partisan and media elites, ‘the past is never dead. It’s not even past,’ which means with these two candidates likely to lead the race in 2016, the future doesn’t look so different.

As if we need it, here’s extra proof that contemporary politics is more thoroughly exhausted than adult actress Lisa Sparkxxx must have been at the end of her record-setting roll in the hay at the 2004 “Eroticon” in Warsaw, Poland.

The Washington Post reports, “Many of the Republican Party’s most powerful insiders and financiers have begun a behind-the-scenes campaign to draft former Florida governor Jeb Bush into the 2016 presidential race, courting him and his intimates and starting talks on fundraising strategy.” For once, I found myself agreeing with Jesse Jackson. Can’t we just “stay out the Bushes” this one time at least?

On the other side of the aisle, it’s a given that Hillary Clinton is not only the presumptive Democratic nominee, but the only possible Democratic nominee anyone can name with a straight face (sorry, Joe Biden, but this just ain’t your century any more than the 20th was). “There was a Bush or a Clinton in the White House and cabinet for 32 years straight,” notes Maureen Dowd at The New York Times, whose headline writer adds, “Brace Yourself for Hillary and Jeb.” As it was, it shall always be. About the only cause for optimism is that there’s no Kennedy in the mix.

At least Lisa Sparkxxx participated voluntarily in her own screwing. For the large and growing plurality of Americans who identify as independent, there’s seemingly no way to opt out of the compulsive-repetitive disorder among legacy media types and partisan string-pullers. What is it that Faulkner said in Requiem for a Nun (1950)? “The past is never dead. It’s not even past.” Who knew that he was talking about politics in the goddamned 21st century, not Yoknapatawpha County after the Civil War?

The post-legalization hellhole that is Denver

Filed under: Law, Liberty, USA — Tags: , , — Nicholas @ 07:54

Well, we can’t say they didn’t warn us that if Denver allowed the sale of legal marijuana, it would descend into a lawless vortex of violence:

“There will be many harmful consequences,” Douglas County Sheriff David Weaver warned in a September 2012 statement. “Expect more crime, more kids using marijuana, and pot for sale everywhere.”

One California sheriff went on Denver television to warn that, as a result of marijuana in his county, “thugs put on masks, they come to your house, they kick in your door. They point guns at you and say, ‘Give me your marijuana, give me your money.'”

Three months into its legalization experiment, Denver isn’t seeing a widespread rise in crime. Violent and property crimes actually decreased slightly, and some cities are taking a second look at allowing marijuana sales.

“We had folks, kind of doomsayers, saying, ‘Oh my gosh, we’re going to have riots in the streets the day they open,'” Denver City Council President Mary Beth Susman, a supporter of legal marijuana, says. “But it was so quiet.”

[…]

Prior to legalization, opponents warned property crime would rise. Denver District Attorney Mitch Morrissey argued robbers would prey on marijuana businesses and their customers, because they’re more likely to carry cash (and, of course, the drug).

So far, city data shows no increase in property crime. Compared to the first two months of 2013, property crime in January and February actually dropped by 12.1 percent. Reports of robberies and stolen property dropped by 6.2 percent and 13 percent, respectively. Burglaries and criminal mischief to property rose by only 0.5 percent.

Denver residents don’t seem especially concerned with the issue, either. Susman recalls a recent community meeting she held with senior citizens: when she asked if the crowd wanted her to talk about marijuana, people told her they were tired of hearing about the issue.

“Based on my general understanding in my district, it is becoming ho-hum,” Susman says.


A sign is displayed outside the 3-D Denver Discrete Dispensary on January 1, 2014 in Denver, Colorado. Legalization of recreational marijuana sales in the state went into effect at 8am this morning. (Photo by Theo Stroomer/Getty Images)

Big data’s promises and limitations

Filed under: Economics, Science, Technology — Tags: , — Nicholas @ 07:06

In the New York Times, Gary Marcus and Ernest Davis examine the big claims being made for the big data revolution:

Is big data really all it’s cracked up to be? There is no doubt that big data is a valuable tool that has already had a critical impact in certain areas. For instance, almost every successful artificial intelligence computer program in the last 20 years, from Google’s search engine to the I.B.M. Jeopardy! champion Watson, has involved the substantial crunching of large bodies of data. But precisely because of its newfound popularity and growing use, we need to be levelheaded about what big data can — and can’t — do.

The first thing to note is that although big data is very good at detecting correlations, especially subtle correlations that an analysis of smaller data sets might miss, it never tells us which correlations are meaningful. A big data analysis might reveal, for instance, that from 2006 to 2011 the United States murder rate was well correlated with the market share of Internet Explorer: Both went down sharply. But it’s hard to imagine there is any causal relationship between the two. Likewise, from 1998 to 2007 the number of new cases of autism diagnosed was extremely well correlated with sales of organic food (both went up sharply), but identifying the correlation won’t by itself tell us whether diet has anything to do with autism.

Second, big data can work well as an adjunct to scientific inquiry but rarely succeeds as a wholesale replacement. Molecular biologists, for example, would very much like to be able to infer the three-dimensional structure of proteins from their underlying DNA sequence, and scientists working on the problem use big data as one tool among many. But no scientist thinks you can solve this problem by crunching data alone, no matter how powerful the statistical analysis; you will always need to start with an analysis that relies on an understanding of physics and biochemistry.

Powered by WordPress