Leavin' on a Jet Plane, Part Two: The Laptop Strikes Back

In my last post on the future (or lack of it) of air travel, I noted that all personal electronics - including laptops - are being banned from carry-on luggage on the premise that they can be used to remotely trigger bombs. What I didn't mention, since it would have amounted to a major (if not augmented) digression, was the way in which this method of reducing risks on the plane is likely to lead to increase risks after landing.

And no, I'm not talking about the Air Rage likely to result from being stuck, with no form of diversion, on a transatlantic flight in the center seat between a colicky baby with the lungs of a Wagnerian soprano and a chatty insurance salesman from Topeka. What I'm talking about is the risk of damage to or theft of those laptops in the checked baggage.

I'm hardly the first person to think of this (or anything else, for that matter). Computerworld ran an article on the problem back on August 10th, along with some very common-sense advice on how to minimize the fallout from breakage (such as backing up data on a regular basis) and theft (encryption and password protection).

That advice is also, I'm afriad, very timely.

A new survey of 500 information security professionals by Ponemon Institute LLC (reported in Computerworld once again) informs us that "eighty-one percent of companies surveyed reported the loss of one or more laptops containing sensitive information during the past 12 months". Eighty-one percent. Worse yet, 97% of stolen laptops are never recovered.

And this happened before the new restrictions went into force. Anyone care to guess what's going to happen in the next twelve months? Corporate spin machines are probably being primed with a fresh load of excuses, diversions, fabrications, obfuscations and some good old-fashioned hooey even as this is written.

It makes the recent flap over recent laptop losses at the Veterans Administration and the Navy look less like an aberration and more like business as usual - especially when you add in the recent loss of two laptops containing "names, addresses, birthdates and Social Security numbers of about 133,000 Florida residents" as well "fraud case files involving government contracts and grants" by the Department of Transportation. Is it any wonder that identity theft "remains the #1 concern among consumers contacting the Federal Trade Commission", according to the Identity Theft Resource Center?

What we have here, in short, is another instance of the law of unintended consequences. In attempting to reduce the risk of terrorist attacks, we increase the risk of laptop theft. That increases the risk of stolen identities, which can, in turn, be used by terrorists and other criminals to achieve their nefarious ends.

Are there steps we can take to minimize those unintended consequences? Certainly. Are we here in the USA likely to take them? Probably not. But that's a subject for a future blog entry.

Leavin' on a Jet Plane

We put up with the long security check-in lines. We sighed as we surrendered our nail clippers and penknives. We took off every possible metallic item except our fillings and shuffled through metal detectors in our stocking feet.

But we grinned and bore it because we understood the need for security and air travel was still bearable, even if it was coming to increasingly resemble the Greyhound bus experience of thirty years ago.

But now the technological sophistication of the Bad Guys has advanced, as it always does, and the bar has been raised substantially for the rest of us.

No liquids, gels, or anything remotely resembling them. Those Dr. Scholls gel insoles are right out; ditto any child's toy with gel components. Also, no books, laptops, MP3 players, cell phones, or pretty much anything else that might make a transatlantic flight bearable. Even electronic key fobs are banned in Britain.

Has long-distance air travel finally jumped the shark? History suggests that this just might be the case.

Consider: Until the spread of mass, mechanized transit in the last century or so, long-distance travel was, for the vast majority of people, a dangerous and expensive proposition. International travel was even more so, and usually, therefore, the exclusive privilege of the very rich.

Think about it. Before the advent of the ocean liner and then the airplane, overseas travel was risky business, indeed. If the weather or scurvy didn't get you, pirates (we'd call them terrorists now) would. Even on the ground, travel via coach for any distance was slow, unpleasant and, of course, there was always the risk of highwaymen.

For a while we lived in a bubble of relatively safe and inexpensive long-distance travel. As the gap between the technology of travel and the technology of travel disruption closes, that bubble may be about to burst. Safe air travel may soon become so expensive that only the wealthy - with private jets and private security personnel - will be able to afford it. Mass air transit will simply be too dangerous.

We live, alas, in interesting times.

Who Are the Brain Police?

[With apologies to the late Mr. Zappa]

Who are they? Well, to hear some folks over at Slashdot talk, you'd think that they were the managers of the posh Canoa Ranch Resort condominium/hotel in Tucson. It seems that, along with all the other upscale amenities (salon and spa, resort pool, fitness center and “Village Center” - does No. 6 know about this?) the owners are going to provide you with wireless Internet access as well.

Oh, yeah: they're also going to require you to encrypt access to that wireless access point (WAP).

Well, once the Slashdotters got on to that one, you'd think that Jackooted Thugs were just around the corner. As Paul McNamara relates in his July 24th Buzzblog at Network World, “Silly was the least of the insults tossed at this idea.” The technorati were in High Dudgeon (just down the road from Low Dudgeon) and waxed wroth.

Then Roth waxed them for a while, but that's a topic for another blog - probably the one where I defend stealing jokes from Julius Marx.

Anyway, when asked why all the fuss, Sales Manager Bryan Welch said “We just don't want to see anybody hurt with their wireless system. If someone (unauthorized) were accessing it and an owner's information, there could be damage and a potential lawsuit.”

To which The Technology Curmudgeon can only add: “Well, DUH!”

Despite the fact that one Slashdot poster (as quoted by McNamara) took the position that the decision to provide encryption on your WAP was no different from the decision on whether or not to lock your door, the stakes here are clearly higher. Failure to secure your home can result in loss and misery for you and your family, but that's about as far as it's going to go.

Failure to secure your WAP, on the other hand, is more like driving under the influence in that you create a public nuisance, if not an outright menace. An unsecured WAP is an invitation for war drivers to use that access point for a variety of nefarious purposes, including the dissemenation of spam, worms and viruses - all of which cause damage to the community as a whole.

Cruising the Information Superhighway unsecured, in short, is not that different from cruising the Interstate with a fifth of Jack Daniels in your bloodstream.

So, while nobody is seriously suggesting (yet) that There Oughta Be a Law, I don't think you can say of wireless security (to quote “Fats” Waller in a totally different context) “'tain't nobody's business if I do”.

I Can See Clearly Now

Or not. Being a dissertation on the process of making lousy decisions.

Ever wonder how some big-time decision-makers wind up making such lousy decisions? It's easy (and not necessarily wrong) to chalk some of them up to a combination of arrogance, greed, and simple immorality. The Vioxx and FEMA debacles come immediately to mind as examples. In an article in the Harvard Business Review earlier this year, however, Max H. Bazerman and Dolly Chugh suggest that there may be another factor operating. They call it "bounded awareness"; most of the rest of us would probably call it "tunnel vision".

According to the authors, "bounded awareness" happens "when cognitive blinders prevent a person from seeing, seeking, using, or sharing highly relevant, easily accessible, and readily perceivable information during the decision-making process". This can cause decision-makers to miss important information just because it's not readily available or because they don't appreciate its significance. It can also result in a failure to share that information because, again, someone has failed to notice that it is, in fact, important.

In a January 9th interview for Computerworld, Bazerman elaborates on these ideas and offers examples of the phenomenon from the lab of Cornell's Ulric Neisser (a key figure in the study of human perception and the guy who coined the term "cognitive psychology" back in 1967, for those of you keeping score) that involve the use of visual illusions. In one study, subjects asked to focus on one particular aspect of a video - how many times a soccer ball is passed among the players - completely miss another aspect that would be obvious to anyone not focused on that first aspect. In this case, it was a woman holding an umbrella walking right through the middle of the game.

Now, this sort of stuff is fascinating to me because, before I became a Technology Professional (and got my official Propellor Beanie, complete with MP3 player, webcam, 1 gigabyte of VRAM and Windows Beanie Edition), I was, among other things, a psychology grad student specializing in visual and auditory perception and statistics. I was also an amateur magician. Findings like this, therefore, are no big surprise to me. What was a bit of an eye-opener was this quote from the Bazerman interview: "In Neisser's study, only 21% saw her. My experience with executives is closer to 3%".

Yup, that's right: according to Bazerman, the guys making the big decisions at the big corporations/governments/whatever are roughly seven times more likely to succumb to tunnel vision than us ordinary mortals.

Of course, anybody can fall prey to this. I have found myself doing it more than once. Unfortunately, the skill to focus and concentrate on a single task - a vital one, especially in IT - is at war with the ability to step back, take a look at the larger picture, and ask yourself whether or not you might be missing something that's right under your nose.

So we all need to make sure we're not missing the woman with the umbrella. She might be trying to tell us that it's going to rain.