Technology, morality, juries and politics

Letters We learned this week that science is considered too difficult for juries to get their good-and-true heads round. The solution, according to the House of Commons Select Committee on science and technology, is to remove them from trials where this confusing evidence will be presented:

Did the House of Commons Select Committee on Science and Technology state any evidence for believing that juries are significantly worse affected on science and statistics than other sections of society, such as MPs, journalists, judges, civil servants, doctors (concerning statistics), etc?

On this issue, what would be better for juries (and everyone else) is to have some expert testimony that is independent of prosecution and defence and agreed by both parties; only on expert testimony where there is disagreement, should the parties use their own partisan experts.

Best regards

Nigel

So then, British juries are a bit thick? Like those here where I live!

Ian Burbank, CA

A House of Lords select committee this week warned that a National ID card would fundamentally change the nature of the relationship between the State and the individual. It said that the existence of a national identity register database would make abuse of privacy possible, and called for an independent commissioner to oversee the development of the project, rather than the Home Secretary:

>> the legislation will be pushed through once a critical mass of the >> people have voluntarily received identity cards <<

Surely it will be the /uncritical/ mass that _voluntarily_ receives the card...

Regards, Mike

Most droll, Mike.

A friend sent me a link that illustrates just where this type of thing [ID cards, national identity registers etc] can go....

I'm not sure what is more disturbing... the type of integration that is illustrated or that I have a point of agreement with the organization who produced the clip. (The American ACLU and US Conservatives are often diametrically opposed..)

Bill

In the run up to a general election, which is widely expected to be called for May this year, plenty of companies are taking advantage of the opportunity to talk about e-voting methods, and how new channels might affect turnout:

Saying that electronic voting will increase the vote turnout is a fallacy. The only thing to do so is to switch polling day to a weekend. In countries where voting is held in the weekend, there is a much higher turnout. Voting during the week turns into a 'I need to vote now. Don't have time. Oh well maybe next time' situation. Voting in the weekend gives most of the day for people to get off their butts and get down to the polling box. Perhaps this solution is just not high tech enough. Though it does make it more difficult for EDS to screw it up.

Mike

BT boss Ben Verwaayen has told the rest of the telco industry to follow its example, and stop waiting for Ofcom to break it into little tiny pieces. Ben might not be alone in his opinion, but we didn't get any letters backing him up:

What planet is Ben Verwaayen on? Since when has BT become a "service company that does interesting things" ? Take the spin out of that phrase and you might have a more accurate offering:

"A poor service company which says it will but rarely does".

Hey Ben - the companies I work for will be able to get on with life when your company gets round to doing what it promised to. BT are a blockage. Wake up, smell the coffee and start improving customers' experiences.

James

How much do people care about mobile phone security? Well, if this letter is anything to go by, the real question is do people understand mobile phone security:

While I agree with your general idea that many Average Joe people do not rate security as a primary concern in their everyday use of electronic devices, I think you are incorrect in saying they don't care, or that they don't care due to ignorance.

Take the Paris Hilton/Sidekick example. Her phone was not hacked. What was hacked was a mind-numbingly stupid password reset question. Everyone knows these types of questions are supposed to be "easy to remember, difficult to guess", yet they included a question that is general extremely easy to find out-- even if you aren't world famous. My name and Google should be enough for you to figure out my favorite pet name (or at least narrow it down) in about three minutes. Bet it wouldn't take you that long to guess my T-Mobile username, but don't bother; my password reset question is filled with garbage. Even if they don't have a webpage, most people that have pets only have one and names are easy to find out.

But that's not the point. It very likely didn't occur to someone (a developer at Danger, T-Mobile, or someone in the Hilton household) that this question represented a great deal of exposure. And this is not that people don't care about security, it is that security, chains of trust, and exposure risk are very very complex topics that people do not understand. Caring and understanding are two different things. Most of us care about our health, but we are not all doctors.

The fact that it was the password to her (many featured) mobile phone account and not, for example, her banking account makes little difference. Yes, the contents of her phone are a bit more interesting (to most), but the banking account could have caused a great deal more damage. Does that mean we should all get rid of our banks as well?

You comparison of the Sidekick to the Titanic is exactly the kind of non-sense over reactionary thoughts I would expect from someone that does NOT understand the security issues or implications of what is going on. If we find out about a cruse for the first time because of news of a sinking, many of us ARE smart enough to realize they are not all doomed to sink, and that the reality is most of them do just fine and the guests all have a great holiday.

Given T-Mobile's seeming desire to suppress the Sidekick in their business market and ignore it in their other markets, it is no surprise that many people don't know about it. This is a device that has an inherent draw to geeky people that understand a thing or two about technology. Upon learning about it, the real question is not one about the security of the platform so much as "can I pick a better password than some ditzy rich kid?" I know _my_ answer to that question, and I applaud those new Sidekick users that were able to see past "THE SKY (Titanic?) IS FALLING!" reaction most of the press put on the issue.

The Sidekick documentation is very clear that the data on the phone is sync'ed with T-Mobile's servers, in fact they consider that a data backup feature, and make quite a big deal about it ("Your data is safe, even if you loose your Sidekick!"). Because of that, there is some info I won't save to my Sidekick, although I'd really like to-- passwords to the dozens and dozens of websites that make me set them up, for example. I'd rather have that data lost then transferred to systems I don't control. But I know how to manage risk and exposure, so while I carry a Sidekick, that information isn't there. I'm still happy to save a picture or two of my kid playing on the playground, however.

I'll even put it up on my website if you really want to see it, no hacking required.

-jay

More on the fuss at Harvard about the ethics or otherwise of sneaking an unauthorised peak at the university's admission data:

Hmm. About these Harvard hackers sneaking a peek at the status of their college applications. They didn't steal anything. They just read something they weren't supposed to be able to read. They didn't do any damage and they didn't take anything away from anyone. How can this be considered in the same moral light as theft? There wasn't even the issue of reducing the profits of megacorporations which exists with, for example, making illicit copies of information you're supposed to pay for like music.

So how come one correspondent says that someone reading information he's not supposed to read is morally equivalent to stealing a car?

How does that work? And if it does work, think about this:

If it's unacceptable for someone to read information on a computer that's not supposed to be read by that person, isn't it also theft for someone to read paper information they're not supposed to read? Which means you should get locked up for sneaking a peek at the boss's morning post if he's left it out on his desk.

The thing is that theft has to involve permanently taking away from a person something which that person possessed. Small-scale illicit *copying* can't possibly count as theft. It can be breach of copyright (a civil matter, while theft is a crime) and a breach of laws designed to make breaking into computer systems illegal and things like that, but it can't be theft.

Rowland

Earlier this week you ran an article on Harvard applicants being rejected because they followed a link to a website vulnerability that revealed their application status.

The article seemed pretty one-sided in favor if the hackers who were knowingly trying to access things that they were not allowed to.

The one point I didn't see made was, "Why can't these applicants see files that are specifically related to themselves?" I mean, it's not like they were looking at other students applications, or the status of some ethics professors personnel file.

There seems to be, at the heart of all the ongoing debates about identity theft, ID schemes, public scanners, and endless archives of personal data, a hypocritical notion that governments and big-business want to know everything about us, with or without cause, but we must remain completely in the dark, even about things that directly affect our lives.

I wonder what Harvards ethics department thinks about a massive database of psychological profiles that would allow a company to market/influence a person to buy a product that, in unbiased consideration, they would obviously decline. Even we armature ethics analyst can make that call.

Then how similar is it, for an institution, to keep a private file on an applicant or employee for its own gains, without regard for any negative effects to the later party.

I'm sure if you bounced that around Harvard they could come up with many LAME excuses why it is 'necessary' , but it is becoming more and more obvious, that anyone hoarding private information for their own gains, is playing on the darker side of this grey area.

Agent Smith

The Author Responds (to Benjamin's letter last week):

I did not give the applicants to HBS and the other business schools who peeked at their application status a free pass, nor did I suggest that they should get off scott free.

I did point out that what they did was wrong, unethical, and probably illegal -- despite the fact that the exploit they used consisted of entering a lengthy URL. Essentially, they went somewhere they knew they weren't supposed to go, for improper purposes at that.

Where we differ is in how HBS should respond. This can be an opportunity to educate at least some of these individuals who are capable of being educated to become more ethical. If these people are truly unethical (and didn't just make a foolish choice) they should not be admitted into ANY business school -- HBS and others should publish their names and blacklist them.

I simply suggested that HBS treat these applicants as individuals -- rejecting those who should be rejected and accepting those who, considering all the circumstances (including the computer trespass) nevertheless would make good business school candidates.

More disturbing is the fact that your opinions are in the minority -- the majority of respondents believed that the concept of B-school is inherently unethical, or that these applicants had some RIGHT to see their scores, or that simply typing a URL cant possibly be unethical.

Mark

Technology is not being used to its full potential in the political process, Telewest said last week, and suggested we ought to all email our MPs, forthwith. But what good will that do, you wondered, if your MP is a luddite?

Emailing your MP is only useful if the MP actually bothers to read it. Here in Cambridge there are loads of techies ready to fire off an email at the drop of a hat. However, it's well known that it's totally useless sending email to our MP. If you send an email on subject X all you get back is a reply saying "Thank you for your email on X, the Labour Party's policy on X is" followed by a cut and paste job from New Labour's propaganda files. If X isn't a standard topic you just get a vaguely related policy dump which often makes no sense in the original context. If her email isn't answered by a pattern matching Perl script whoever does answer it has failed the Turing test.

Arthur

The last time (and only time) I emailed my mp was after a drunken night when forwarding on a chain mail demanding the police stop prosecuting the naked rambler seemed like a top idea.

The Merton MP was nice enough to respond, sending me a letter thanking me for my interest in Leasehold reform and assuring me that he was taking a personal interest in the legislation.

I expect there is a Merton constituent who wrote to his MP asking about Leasehold reform who is still baffled by the response he received.

Chris

Keep 'em coming - we'll have more letters on Friday. ®