Tag Archives: officer

True Video Lies

This is a longer version of a piece I recorded for the BBC World Service.

The other day my wife lost her phone out shopping. We narrowed it down to either the supermarket or the taxi. So we took her shopping receipt to the supermarket and asked to see their CCTV to confirm she still had the phone when she left.

To my surprise they admitted us into their control room. Banks of monitors covering nooks, crannies, whole floors, each checkout line. There they let us scroll through the security video—I kind of took over, because the guy didn’t seem to know how to use it—and we quickly found my wife, emptying her trolley at checkout line 17. Behind her was our daughter in her stroller, not being overly patient. It took us an hour but in the end we established what look liked a pretty clear chain of events. She had the bag containing the phone, which she gave to our daughter to distract her at the checkout. One frame shows the bag falling from her hands onto the floor, unnoticed by my wife.

Then, a few seconds later, the bag is mysteriously whisked off the floor by another shopper. I couldn’t believe someone would so quickly swoop. The CCTV records only a frame a second, so it took us some time to narrow it down to a woman wearing black leggings, a white top and a black belt. Another half hour of checks and we got her face as she bought her groceries at another till. No sign of the phone bag by this time, but I was pretty sure we had our man. Well, woman.

Except I’m not sure we did. What I learned in that control room is that video offers a promise of surveillance that doesn’t lie. It seems to tell us a story, to establish a clear chain of events. But the first thing I noticed was when I walked back out into the supermarket, was that how little of the floor it covered, and how narrow each camera’s perspective was.

For the most part we’ve learned that photos don’t always tell the truth. They can be manipulated; they offer only a snapshot, without context. But what about videos? We now expect to see cameraphone footage in our news bulletins, jerky, grainy recordings taken by unseen hands, raw and often without context.

This is not to say videos are not powerful truth tellers. But we tend to see what we want to see. When a policeman pepper sprays protests at the University of California there is outrage, and it does indeed appear to be unwarranted. But when four of the videos are synchronized together a more complex picture emerges. Not only can one see the incident within context, but also one gets a glimpse of a prior exchange, as the officer explains what he is about to do to one protester, who replies, almost eagerly: “You’re shooting us specifically? No that’s fine, that’s fine.”

This is not to condone what happens next, but this exchange is missing from most of the videos. The two videos that contain the full prelude are, of course, longer, and have been watched much fewer times: 12,658 (15 minutes) and 245,226 times (8 minutes) versus 1,346,781 times (1 minute) for the one that does not  (the other video has since been taken down).

I’m not suggesting that the more popular video has been deliberately edited to convey a different impression, but it’s clearly the version of events that most are going to remember.

We tend to believe video more than photos. They seem harder to doctor, harder to hoodwink us, harder to take out of context. But should we?

It’s true that videos are harder to fake. For now. But even unfaked videos might seem to offer a version of the facts that isn’t the whole story. Allegations that former IMF president  Dominique Strauss-Kahn may have been framed during a sexual encounter at a New York Hotel, for example, have recently been buttressed by an extensive investigation published recently in the New York Review of Books. There’s plenty of questions raised by the article, which assembles cellphone records, door key records, as well as hotel CCTV footage.

The last seems particularly damning. A senior member of the hotel staff is seen high-fiving an unidentified man and then performing what seems to be an extensive dance of celebration shortly after the event. This may well be the case, but I’d caution against relying on the CCTV footage. For one thing, if this person was in any way involved, would they not be smart enough to confine their emotions until they’re out of sight of the cameras they may well have installed themselves?

Back to my case: Later that night we got a call that our phone had been recovered. The police, to whom I had handed over all my CCTV evidence, said I was lucky. A woman had handed it in to the mall’s security people. I sent her a text message to thank her. I didn’t have the heart to ask her whether she had been wearing black trousers and white top.

But I did realise that the narrative I’d constructed and persuaded myself was the right one was just that: a story I’d chosen to see.

World’s Slowest Email?

Burma (Myanmar) may be in the running for the world’s slowest email: more than four months.

clipped from www.lirneasia.net

LIRNEasia and ISEAS organized an expert forum on ICT indicators in Singapore in March 2007.  On the 26th of January, the Myanmar Ministry of Post and Telecom sent an e-mail to the ISEAS in Singapore, nominating an officer to attend.   That e-mail reached ISEAS yesterday (4th June 2006; more than four months later).

How to Poison Someone on the Cheap

Intrigued and disturbed by reports that the former KGB officer Alexander Litvinenko may have been killed by radiation poisoning, I couldn’t help wondering how something like that was done? How easy would it be to get your hands on Polonium-210, the chemical element? Quite easy, it turns out.

If you’re in the U.S., or have someone with a U.S. PayPal account you could shell out $70 and buy it online at United Nuclear (“Supplying the science hobbyist, industry, government, schools & universities since 1998”), a New Mexico company with a fun attitude (“If you’re looking for a clean, accurate, certified radiation sources, here they are…”).

If you don’t want to wait that long, head down to your local photography store and buy a  StaticMaster Anti-Static Brush – 3″, whose ionizer is powered by alpha-energy from Polonium-210 ion sources. Cost: about $40. In fact you don’t need to buy the whole brush; you could just buy a replacement Polonium cartridge. According to this article, hold a StaticMaster against any glow-in-the-dark toy and you can see the polonium inside the cartridge glow.  

I don’t know enough about this kind of thing to say how you would then use this stuff to poison people, and perhaps the quantities aren’t enough. But while the StaticMaster is supposedly safe and that Polonium 210 has been used safely for decades, this may be because it’s sealed: The later website, AngelFire warns: Whatever you do, DO NOT abuse the physical integrity of the sealed sources. Po-210 is a dangerous inhalation and ingestion hazard!

It sounds as if getting your hands on Po-210 isn’t quite as tricky as it sounds. How you would then administer it, I don’t know.

An End to the Anonymity of Trash?

Britain is quietly introducing RFID (Radio Frequency Identity) tags to rubbish bins (trash cans) in a bid to measure the individual waste of each household and charge them accordingly. Some Britons are up in arms about this, saying that households have not been informed and calling it an abuse of privacy. Is it?

The UK’s Daily Mail reports that some bins, provided by local councils for households to dispose of their trash, contain coin-sized devices that monitor how much non-recyclable waste the owner throws out:

With the bugging technology, the electronic chips are carefully hidden under the moulded front ’lip’ of wheelie bins used by householders for non-recyclable waste. As the bin is raised by the mechanical hoister at the back of the truck, the chip passes across an antenna fitted to the lifting mechanism. That enables the antenna to ’read’ a serial number assigned to each property in the street.

A computer inside the truck weighs the bin as it is raised, subtracts the weight of the bin itself and records the weight of the contents on an electronic data card.

When the truck returns to the depot, all the information collected on the round is transmitted to a hand-held device and downloaded on to the council’s centralised computer. Each household can be billed for the amount of waste collected – even though they have already paid for the services through their council tax.

According to The Mail two German companies manufacture the bins and sensors, Sulo and RFID specialist Deister Electronic.

As with all such things, the story reflects local fears, obsessions and behaviour. First off, drinking: The Mail quotes a local council chairman saying he believed the chips “were simply to ensure bins could be returned to the right addresses if they got mixed up or drunks rolled them off”. Second, avoiding paying: The opposition Conservative party warns that “people will simply start dumping bags in their neighbours’ gardens or at the end of the street to avoid paying”. And then there’s the whole castle thing: a council spokesman in Wiltshire says the chips were “to sort out disputes between householders about whose wheelie bin is whose. If there are any arguments we can just send out an officer to scan the chip and settle the argument.” Oh, and then there’s the whole WWII hang-up: The headline at The Evening Standard’s This is London website is “Germans plant bugs in our wheelie bins”.

Is this something to be worried about? Well, the government, and local councils, haven’t been very smart about installing these tags before explaining their use to the public. But that’s not unusual: A council in Australia did the same thing a few weeks back. What I think is most interesting about this is that coverage of the subject in both countries lacks depth, pandering to the fears of its readers (The Mail may not know better, but The Press Association and The Independent should.) Even basic research would show that this sort of thing is not new, is widely used elsewhere, and has a name: Pay-by-weight.

It seems the same technology is already in use in Ireland and has, according to the company involved, reduced the amount of trash put out for collection by 40%. (There may have been some privacy uproar, but I can’t find any obvious evidence of any.) In Canada the program has been in place since 1994, and as of 1999 more than 1.5 million transponders have been deployed throughout the world, including the U.S., although there have been problems with the technology (this being RFID an’ all.)

That said, just because it’s being used elsewhere doesn’t necessarily make it a good thing. Trash is as much a privacy issue as anything linked to personal property, and the angry response to the news is related to an individual’s desire to keep what they throw out a secret (however illogical this is, given you’re putting it in an unlocked plastic bin in the street for hours, if not days, before it’s picked up.) Further research into what these RFID chips are capable of isn’t particularly reassuring: The SULO device for example (PDF file), can measure exact weight, when the bin is emptied, can report any damage to the bin, and, if linked to other equipment, could also locate where the bin was emptied. Nothing too sinister about this, but it increases the possibility, at least in theory, that an individual’s trash is no longer as anonymous as it was.

Bottom line? I don’t think this is likely, and given the technology has been in active service for more than a decade. But who knows where the technology may go? This is more a story about how RFID — although it’s not really identified in the story as such — scares people when they hear about it because instinctively they recognise its power. No one would disagree with the goal — reducing the amount of non-recyclable waste — but, as with all technologies, Pay by weight has to be handled carefully, its usage and goals explained, and clear and transparent limits to its usage imposed.

Where Is Technology When You Need It Part XIV

This has absolutely nothing to do with technology, except that surely there’s some technology to prevent this kind of outburst of law enforcement official mastication by members of the post-death personal care industry? From Reuters: Hearse driver arrested for biting policeman: 

BERLIN (Reuters) – A drunken hearse driver has been arrested in the western German town of Krefeld after biting a police officer taking him in for an alcohol test, police said on Monday.

Police had called for a hearse at a funeral home to transport a body to the cemetery.

“The hearse driver nearly fell over when he got out of the car. Then he had to hold onto everything he could find as he stumbled to the house,” said police spokesman Dietmar Greger.

Police decided to take the man to the station to test his blood alcohol level, but when they tried to get him out of their car he started a fight and bit an officer several times in the hand.

The man was confined to a cell until he sobered up and has been charged with civil disorder and drunk driving.

 

Stopping Terrorists With WordStar

A glimpse into Indonesia’s high-tech war on terrorism, crime and corruption, revealed in today’s Media Indonesia Online’s story (in Bahasa Indonesia) of the president’s visit to the airport immigration office at Jakarta Airport, where embarrassed officials try to access their database of those 5,000–odd people banned from leaving or entering the country. The files are all in WordStar, a software word processing program that is at least 15 years old. (Thanks to Jerry Justianto for pointing out).

The piece describes how officials had to try opening some of the files several times, while others wouldn’t open at all. Immigration officials inspecting passports often can’t access the files, meaning, the paper says, “the officials on duty have difficulties confirming those people who pass the immigration desks are fugitives of the state or not. That’s because to open the files is awkward and there is no explanation of the distinguishing characteristics of fugitives.”

Needless to say, the president wasn’t impressed and ordered an immediate upgrade. Still I’m sure WordStar fans will be delighted to hear the software is still being used in such an important role, and the fugitives themselves will take comfort in the fact that immigration officials are unlikely to spot them as they wander through customs. One can almost imagine the scene:

Immigration officer: Passport please.
(Passenger, carrying rocket launcher and several large suitcases apparently stuffed with dollar bills, hands over passport. Immigration official starts tapping name into computer. Long pause. Passenger looks at watch. Really long pause. )
Passenger: Is this going to take long?
Officer:  Yes. I’m checking whether you’re a fugitive from justice. We’re using WordStar. So please be patient.
Passenger: Oh, WordStar. OK. (Looks around. After brief pause, makes a run for it in a flurry of dollar bills and ammunition)
(Officer, still looking at screen waiting for file to load, doesn’t notice.)
(Next passenger approaches counter. )

Next passenger: I think he’ s gone.
(Officer looks up, around, mildly surprised.)
Officer: So he has. (Pause.) Passport, please.
(Next passenger hands over passport. Officer starts tapping name into computer. Next passenger unfolds portable chair, adds cushion, sits down, starts pouring coffee out of Thermos, gives one cup to Officer. Pulls out thick novel. Reads. Officer continues to stare at screen.)
Fade

Taiwan ‘Phisher’ Arrested, May Not Be Kingpin, Beaten Up By Father

A Taiwanese teenager has been arrested for phishing, but don’t expect it to bring an end to the problem.

The China Post today reported that the 16-year old, surnamed Wu, who was studying at a south Taiwan junior college, has been charged with forgery and fraud. The paper says it’s Taiwan’s first phishing case: If convicted, he faces three to five years’ jail.

That said, it doesn’t sound like the guy is exactly the mastermind behind the Internet’s fastest growing crime: The paper quoted an officer as saying that all the boy wanted was “to appear smart. He studied a hacking manual and tried to show off his knowledge by ‘phishing’ a dozen (computer) users.” All he managed to phish were their addresses and information. The paper reported his family was not particularly proud of his alleged phishing activities:

His irate father, who knows nothing about hacking, berated and tried to beat up the boy, when arresting police officers confronted them. The youth begged for mercy, one police officer said. “He was scared to death, when he saw us,” the officer said, “and we had a hard time calming his father down.”

More On Plaxo, Privacy and Opting Out

This is likely to be the last exchange on Plaxo: Hopefully some of the issues that have concerned me and readers have been cleared up by this and other recent posts.

Plaxo have kindly added a comment in reply to my posting on how to avoid Plaxo, in which they’ve pointed out that they have added an opt-out feature, meaning that instead of receiving endless ‘reminders’ to update your contacts from users, you can avoid either specific or all such requests via a link in the update email. (This link takes you to a page offering three options: Blocking all update requests from that person, using an auto-reply feature I mentioned in the previous posting, or a ‘permanent opt-out’.)

This is good news, and thanks for pointing this out. Plaxo says in the comment, ”It’s right there in every Update Request sent and has been provided by Plaxo for some time now.” However, I’ve gone back through Plaxo updates requests and readers’ mail on the issue and can only find Plaxo update requests sent to me in December to have included this feature. Unless I’m mistaken, prior to that there was no readily obvious way to opt out, and I have received complaints as recently as October of readers receiving multiple update requests with no visible method of avoiding future ones. (The webpage that refers to this feature does not indicate when the option was added, but says the page was updated on December 23.) In emailed responses to questions, Plaxo’s Stacy Martin says this opt-out became a standard option in November.

I accept that Plaxo now makes it easier to non-users to opt out of future requests, and I can readily understand that it’s difficult to find the right balance. On the one hand you don’t want to bug people who don’t want to be bugged; on the other, the only way to do this is for those who want to opt out to register all their known email addresses with Plaxo, since the company has chosen to use email addresses as the best way to recognise and store individual records. If users want to opt out, some sort of record needs to be kept of their wanting to opt out, in the same way a spammer is (supposedly) bound to keep a record of people who don’t want to receive more spam from them.

That said, this opt-out feature could be easier to find on the Plaxo website. It’s not mentioned on the front page, as far as I can see. On the support page linked by Plaxo’s Trust Officer I could find no mention of it, or direct link there. It was not on the page of frequently asked questions. You can find information about the opt-out feature by, among other possible ways, typing in ‘opt-out’ or ‘optout’ into the search support box selecting either in the ‘all search topics’ option or the ‘Information for IT departments’ option. Performing the same search in the (more logical, in my view) ‘Troubleshooting’ or ‘Security and Privacy’ categories will not provide this link — except tangentially, for example at the bottom of one page referring to the question ‘Does Plaxo send spam to my contacts?‘. (Plaxo’s Martin demurs, saying “In looking at the traffic flow on our web site, we’ve found the large number of users looking for assistance go straight to using the search within the Help Center and search on all topics rather than browsing around or searching on a subset of topics… Searching for “opt-out”, “stop”, “opt”, “no mail”, “out”, “optout” all provide users the proper information on how to stop receiving update requests.”)

Finally, if you’ve made it to the opt-out page – or clicked on the opt-out link provided in the update requests I mentioned at the start — you’ll be warned against using this feature. Click on the link in an email and you’ll be told ‘If you choose this option, friends and contacts with important update e-mails will no longer be able to contact you using Plaxo’. On the opt-out page itself, you’ll be told, in bold:  ’Note that by permanently opting-out, friends and business associates can no longer request your latest information or send you their latest contact information’.

I find the wording of both messages somewhat alarmist to the casual user: Both seem to suggest that somehow people will not be able to contact anyone who accepts this option. I believe the wording could be better constructed to make clear that accepting this option is ONLY going to remove them from future Plaxo emails and not have any more disastrous impact on their social, business or family life. If someone has gotten this far to opting out, I think Plaxo have probably lost them as a potential customer and they should give up gracefully.

All this said, and despite some residual concerns about Plaxo’s practices, I remain a Plaxo user and have, on balance, found it to be very useful. It appears that Plaxo has been responsive to user concerns and tried to hone its approach. But there’s clearly some ways to go, and, at least on the opt-out issue, I think Plaxo could be clearer, by at least

  • posting a link on the home page,
  • marking it clearly on the support page and
  • by avoiding language on the opt-out page itself that may confuse or deter the casual user.

Plaxo’s Martin says they’ve already made some changes to accomodate these suggestions, which I emailed to her before posting here. It’s good to see that they are responsive to these and other concerns: Another feature that bugged readers, if my mailbag is anything to go by, was the way Plaxo kept a record of how many update requests were sent to any non-user, even if they weren’t from the same source. This kind of intrusiveness raised hackles, understandably, in that Plaxo appeared to be targetting prospective users and keeping tabs on them. Stacy says this feature was dropped last November.

In Plaxo-land, There’s Still Some Confusion

This Plaxo issue is confusing. But it’s still worrying.
 
Here’s the story so far: Plaxo is a way to keep your contacts up to date, and it works well and simply. But privacy has been an issue: Can you trust a company to keep your personal data — not just your own details, but all your contacts who also use Plaxo — safe? Plaxo have been quite convincing about this issue, which is why I and a lot of other people use the service: More than a million, according to their website.
 
But here’s the tricky bit: In recent months I’ve noticed that some contacts have been updating themselves in my address book without me giving them permission to do so — or even requesting it. The responses I’ve received from Plaxo have been of the kind you can see in the comments on one of my recent postings about this, namely, that can’t happen, it must be a user (i.e. my) error.
 
Now I’ve got a more complete, and complicated response from Stacy Martin, Plaxo Trust Officer. Stacy’s gone to some trouble to answer my complaint, and readily acknowledges the system isn’t perfect. And I accept that my earlier fear — that people I have never met, or put in my address book, may be adding their contacts — is unfounded.
 
But, without wanting to be difficult, I’m still not satisifed. The problem is this: Plaxo doesn’t just handle the contacts you assign to be updated via Plaxo, it accesses — and can alter, without your approval — your whole address book.
 
It’s complicated, but to try to boil down the argument I’ve paraphrased. I hope I’ve done it correctly: Plaxo, Stacy says, can only UPDATE entries that already exist in your Outlook/Outlook Express address book. It cannot ADD new entries unless you approve the action. This automatic update can occur in one of two ways:
  • If you and someone else have both agreed to allow update requests, or
  • Your address book contains at least the e-mail address of another Plaxo member who has granted other Plaxo members access to his information contained on one or both of his cards.
It’s this second one that is causing the problem. It sounds complicated, I know, but it comes down to this: If you have in your Outlook or Outlook Express address book anyone who is also a member of the Plaxo network, whether or not you request it, that person’s contacts will automatically update themselves in your address book. This leads, as you may imagine, to some surprising results:
  • All the people in your address book — automatically added by you manually, your email program (Outlook versions prior to 2002 had this feature), or any other program interacting with your address book — can now be altered remotely by those people, so long as they are Plaxo subscribers (In one case a contact was not only altered but the name given to that person — his actual name — was altered, making him, er, hard to locate);
  • This appears to override your original settings, that is, the list of people you requested updates from when you first configured the program.

In short, with Plaxo you’re no longer in control of your address book. Signing up to Plaxo means your whole address book is accessible by Plaxo (and presumably stored on their server, not just those contacts you’ve chosen to update via their service).

Stacy readily accepts some of this is confusing, and says we feel there is much more work we can do on our end to make this action more clear and understandable as to not alarm the member. Hopefully, future versions of Plaxo Contacts will make this more evident.”

That’s a start. Here’s my tupennies’ worth:

  • I think other Plaxo users would be as surprised as I to find out that Plaxo has a complete record of, or access to, our address book, whether or not we submitted all those contacts to Plaxo initially, and
  • that as a result people we have not contacted have updated themselves in our address book, without our permission.
  • How does Plaxo ’synchronise’ our contacts? Is this done only with those contacts marked as ones we have agreed to update via Plaxo, or is it all of them?
  • What about the embarrassment quotient? What happens, for example, to contacts we have at some point deleted from our Outlook address book? Is this information — the deletion — passed onto onto the Plaxo-fied contact?

The bottom line here is, in my view, that Plaxo have got to give much greater control to the user as to who and what is updated in the address book. My assumption was always that those people we’ve not selected to update via Plaxo would not be updated, or even accessed, by Plaxo. And to me the logical idea would be that if that did happen, we would get the chance to scotch such updates and sever contact with that person if we so desired. I’m relieved to know that Plaxo folk aren’t able to add themselves to my address book without my sayso, but I still believe there’s a lack of user control over who gets to update what.

Plaxo is a great concept, and a good service, but it must abide by its own promises, like this one: ”At all times, members of the Plaxo Contacts service control how their information is used and with whom it is shared.”