The Pioneer anomaly, one of the longest-standing mysteries in physics, has apparently been solved. It seems someone forgot to carry the one :-)
Actually, that's not so far from the truth. The problem with earlier models turned out to be that they didn't take into account the way heat from the spacecraft's plutonium power source reflected off the antenna.
What is most mind boggling to me is that it's actually possible to measure the position of the spacecraft accurately enough to tell the difference.
Thursday, March 31, 2011
Tuesday, March 29, 2011
Tax the Super Rich now or face a revolution
Think 2008 was bad? Paul B. Farrell says that was nothing compared with what lies in store if we don't start taxing the super-rich:
Worth reading.
Warning: The Super-Rich Delusion has pushed us to the edge of a great precipice: Remember the Roaring Twenties? The Crash of 1929? Great Depression? Just days before the crash one leading economist, Irving Fisher, predicted that stocks had “reached what looks like a permanently high plateau.”
Yes, he was trapped in the “Great Gatsby Syndrome,” an earlier version of today’s Super-Rich Delusion. It was so blinding in 1929 that the president, Wall Street, all America were sucked in … until the critical mass hit a mysterious flash point, triggering the crash.
Yes, we’re reliving that past — never learn, can’t hear. And oddly it’s not just the GOP’s overreach, the endlessly compromising Obama, too-greedy-to-fail Wall Street banksters, U.S. Chamber of Commerce billionaires and arrogant Forbes 400. America’s entire political, financial and economic psyche is infected, as if our DNA has been rewired.
The Collective American Brain is trapped in this Super-Rich Delusion, replaying the run-up to the ’29 Crash.
Worth reading.
Newt Gingrich joins the raving loon club
Newt is afraid of "a secular atheist country ... dominated by radical Islamists."
Do Republicans stop to think at all about what they are saying, or do they just robotically spout buzzwords? Atheists! Terrorists! Muslims! (Oh My!)
Good grief.
Do Republicans stop to think at all about what they are saying, or do they just robotically spout buzzwords? Atheists! Terrorists! Muslims! (Oh My!)
Good grief.
Two more ways Obama is like Bush
I've said before that Obama is becoming increasingly indistinguishable from George Bush in terms of his policies. Add two more data points: Obama has now started his own war in the middle east with an unclear mission and justification, and he has suppressed scientific research:
Excuse me? Speaking out of turn? What does that even mean? Since when have scientists had to wait their turn to speak to the media? Is this the U.S.A. or the U.S.S.R.? Honestly, it's starting to get a little hard to tell the difference.
"The Obama administration has issued a gag order on data over the recent spike of dead dolphins, including many stillborn infants, washing up on Mississippi and Alabama shorelines, and scientists say the restriction undermines the scientific process."
...
One biologist involved with tracking dolphin mortalities for over 20 years and speaking on the condition of anonymity, told Reuters that: “It throws accountability right out the window. We are confused and ... we are angry because they claim they want teamwork, but at the same time they are leaving the marine experts out of the loop completely.”
Some scientists said they have received a personal rebuke from government officials about “speaking out of turn” to the media over attempts at determining the dolphins’ deaths.
Excuse me? Speaking out of turn? What does that even mean? Since when have scientists had to wait their turn to speak to the media? Is this the U.S.A. or the U.S.S.R.? Honestly, it's starting to get a little hard to tell the difference.
Monday, March 28, 2011
The NYT paywall: a digital train wreck in slow motion
I believe in supporting quality independent journalism, so it's painful to watch the digital train wreck that is the New York Times paywall. They've apparently spent $40 million on it, and not only is it badly broken, but has a fundamental design flaw that makes it trivial to work around.
But that's not the worst problem.
The worst problem is their pricing. It's deceptive, and deeply hidden in their subscription page, which proudly touts 99 cent teaser rates, but hides the actual underlying rates under a tangle of links and redirects. Here are the actual weekly rates for an electronic subscription:
Web + smartphone: $3.75
Web + tablet: $5.00
Web + tablet + smartphone: $8.75
And here are the rates for home delivery, which come with "free all-digital access" (i.e. the third option above):
7-days a week: $7.40
Friday-Sunday: $5.20
Sunday only: $3.75
Monday-friday: $3.75
How is this pricing model broken? Let me count the ways.
1. There is no web-only option. If I have neither a smartphone nor a tablet I have to pay for one of those services regardless.
2. The cost of Web+tablet+smartphone is the sum of web+smartphone and web+tablet. So if I want all three, I have to pay for web access twice. Unless...
3. The cheapest way to get all three is to subscribe to the Sunday times. The NYT in effect will pay me $5.00 a week to take a paper copy of the Sunday times and throw it in the recycling bin.
A more perverse set of incentives is hard to imagine. Like I said, I believe in supporting quality independent journalism. I would happily pay to read the NYT on line if I felt that the price I was being charged is fair. But I just want to read the Times on the web, not my phone, and I don't own a tablet. I don't want to pay $250 a year for the privilege of not having to throw out a three-inch-thick stack of newsprint every week.
And I'm also pretty leery of supporting an organization that can't figure out how to build a freakin' paywall for less than forty million dollars.
But that's not the worst problem.
The worst problem is their pricing. It's deceptive, and deeply hidden in their subscription page, which proudly touts 99 cent teaser rates, but hides the actual underlying rates under a tangle of links and redirects. Here are the actual weekly rates for an electronic subscription:
Web + smartphone: $3.75
Web + tablet: $5.00
Web + tablet + smartphone: $8.75
And here are the rates for home delivery, which come with "free all-digital access" (i.e. the third option above):
7-days a week: $7.40
Friday-Sunday: $5.20
Sunday only: $3.75
Monday-friday: $3.75
How is this pricing model broken? Let me count the ways.
1. There is no web-only option. If I have neither a smartphone nor a tablet I have to pay for one of those services regardless.
2. The cost of Web+tablet+smartphone is the sum of web+smartphone and web+tablet. So if I want all three, I have to pay for web access twice. Unless...
3. The cheapest way to get all three is to subscribe to the Sunday times. The NYT in effect will pay me $5.00 a week to take a paper copy of the Sunday times and throw it in the recycling bin.
A more perverse set of incentives is hard to imagine. Like I said, I believe in supporting quality independent journalism. I would happily pay to read the NYT on line if I felt that the price I was being charged is fair. But I just want to read the Times on the web, not my phone, and I don't own a tablet. I don't want to pay $250 a year for the privilege of not having to throw out a three-inch-thick stack of newsprint every week.
And I'm also pretty leery of supporting an organization that can't figure out how to build a freakin' paywall for less than forty million dollars.
Friday, March 25, 2011
The climate wars have begun
The Marshall Islands have fired the first shot in what I predict will eventually become a global conflict: instead of sitting idly by and watching while their country sinks beneath rising sea levels caused by global climate change, the Marshal Islanders have taken the initiative by legalizing cocaine in order to attract tourists and raise hard currency.
Good for them.
Now, I don't want to be misunderstood. I am not advocating the use of cocaine. Cocaine -- especially crack cocaine -- is a horrible scourge. But the fallout from making cocaine and other narcotics illegal is an equally horrible scourge. It does nothing but create a market opportunity for those willing to take the risk of breaking the law, and a barrier to entry for those unwilling to do so. Making cocaine illegal is nothing more than an indirect tax subsidy for drug dealers, one the Marshal Islanders have decided to avail themselves of. And they arguably deserve it:
Don't buy your plane tickets just yet though. This is almost certainly nothing more than a bluff to try to get draw attention to their plight and maybe get a bit of leverage with the international community. But I predict that before long (10-20 years) we'll see other island nations trying similar tactics as the gravity of their situation becomes apparent. It's going to get ugly. Civilization depends on at least the perception of everyone having something to gain by playing by the rules. When your country is sinking beneath the waves that proposition becomes a very tough sell.
Good for them.
Now, I don't want to be misunderstood. I am not advocating the use of cocaine. Cocaine -- especially crack cocaine -- is a horrible scourge. But the fallout from making cocaine and other narcotics illegal is an equally horrible scourge. It does nothing but create a market opportunity for those willing to take the risk of breaking the law, and a barrier to entry for those unwilling to do so. Making cocaine illegal is nothing more than an indirect tax subsidy for drug dealers, one the Marshal Islanders have decided to avail themselves of. And they arguably deserve it:
The Marshall Islands were the site of nuclear testing prior to independence from the United States, and Marshallese claims against the US in regard to the fallout from the atomic testing are ongoing.
Don't buy your plane tickets just yet though. This is almost certainly nothing more than a bluff to try to get draw attention to their plight and maybe get a bit of leverage with the international community. But I predict that before long (10-20 years) we'll see other island nations trying similar tactics as the gravity of their situation becomes apparent. It's going to get ugly. Civilization depends on at least the perception of everyone having something to gain by playing by the rules. When your country is sinking beneath the waves that proposition becomes a very tough sell.
Monday, March 21, 2011
It's official!
My movie, But for the Grace of God?, a feature-length documentary about homelessness, is premiering at the Oakland Film Festival on April 15! There's more information and a trailer on the web site. If you live in Northern California I would love to see you there.
I'm not going to write much about the film here (I'm setting up a separate blog for that) so if you want updates please sign up for the mailing list on the film web site or subscribe to my twitter feed (@rongarret).
I'm not going to write much about the film here (I'm setting up a separate blog for that) so if you want updates please sign up for the mailing list on the film web site or subscribe to my twitter feed (@rongarret).
Sunday, March 20, 2011
A exceptionally good summary of what's going on at the Japanese reactors
In case you were wondering. Bottom line: the reactors worked exactly as they were designed to. These are forty year old reactors, they experienced one of the worst natural disasters in recorded history, and while they have been damaged, there has been no danger to public health. And the most likely long-term danger to the public is that everyone will freak out over nuclear energy, which will hamper efforts to control carbon emissions.
Friday, March 18, 2011
The NBC Nightly News Drinking Game
Want to get smashed in 30 minutes? Then pull up a bottle of tequila and the NBC Nightly News with Brian Williams and take a shot whenever Brian says any of the following words or phrases: "Massive", "As Always" or "Our very own." I guarantee you will not be able to walk a straight line at the end of this exercise.
[UPDATE - 3/23] - I've actually noticed that ever since I posted this, Brian seems to be using these phrases a lot less. I wonder if maybe someone at NBC reads my blog? :-)
[UPDATE - 3/23] - I've actually noticed that ever since I posted this, Brian seems to be using these phrases a lot less. I wonder if maybe someone at NBC reads my blog? :-)
Friday, March 11, 2011
What Kind of Sick Culture Blames an 11-Year-Old for Being Gang-Raped?
When I first saw that headline I assumed they were talking about some backwards tribal culture in a Muslim country. But no, this happened (actually, is happening) in Texas. Guess I was wrong about the Muslim part.
Wednesday, March 09, 2011
A bumpy ride through the moral landscape
Sam Harris takes a valiant whack at the dragon (or is it a windmill?) of moral relativism in his new book, "The Moral Landscape." Harris argues that, contrary to Hume, one can derive "ought" from "is", at least to a first-order approximation, by starting with the premise that morality is that which advances the interests of conscious beings.
One of my mentors in graduate school once told me that it is worth paying attention to what smart people have to say even -- perhaps especially -- when they are wrong, because they are usually wrong in interesting ways. "The Moral Landscape" is a perfect example. It's wrong, but it is wrong in a very interesting way.
Let me say up front that I have tremendous sympathy for Harris's agenda. I wish it were true that one could derive "ought" from "is" (and I think it might be possible, but it's much, much harder than Harris -- or any of the new atheists -- seem to recognize). I do accept Harris's premise that maximizing utility for conscious beings is not only a reasonable foundation for such an endeavor, it is the only possible reasonable basis for it.
Unfortunately, between Harris's premises and his (predictable) conclusion that religion is the root of all evil (his Introduction has a section prominently entitled "The Problem of Religion") are a whole host of tacit biases and assumptions that render his reasoning circular. Harris defines the problem of morality as maximizing some utility function with respect to consciousness (which is perfectly fine), but then he goes on to assume without any foundation (and, worse, without being explicit about it) that this quality metric should have certain characteristics. Like erstwhile provers of Euclid's fifth postulate the assumptions he makes appear intuitively obvious. But if science teaches us anything it is that what is intuitively obvious is often wrong.
Harris's argument runs off the rails almost from the very beginning. This is taken from his introduction:
I won't quote the whole thing; you get the idea. The good life, on the other hand, I reproduce here in its entirety because the details matter:
Surely it is obvious that the Good Life is preferable to the Bad Life in every way? Well, alas, no it is not. It is certainly preferable from the point of view of an affluent Western academic, which both Harris and I happen to be, so I can certainly understand the appeal. But it is not true that this need be the case for all conscious beings, or even for all rational conscious beings. But Harris dismisses this possibility out of hand:
Well, yes, we must. Hidden in the trees of horrific detail is the forest that makes Harris's Bad Life preferable to his Good Life for many people: the woman in the Bad Life scenario (one wonders if Harris considers being a woman to be a salient characteristic of the Bad Life) has children while the person (notably with gender unspecified) in the Good Life scenario doesn't (or, if s/he does, they don't figure prominently in Harris's reckoning.)
Now, I do not mean to suggest that any rational person would choose the totality of Harris's Bad Life over his Good Life. I merely point out that Harris's quality metric is heavily prejudiced by the fact that he is an affluent Western academic male. Money, in particular, figures very prominently. He mentions it three times. It is particularly noteworthy, I think, that helping the poor unfortunate children in the developing world is done with a billion dollars of other people's money rather than your own.
Let us give Harris the benefit of the doubt and assume that he is simply ignorant of the evidence that providing financial assistance to developing countries does more harm than good and that his heart is actually in the right place. But look at where he puts the emphasis: helping other people is not good because of the benefit it provides to others, but because of the personal satisfaction that it provides to the benefactor. The Good Life is not good because you are good, it is good because you feel good. You are free of pain and want, and on top of that you get to bestow a billion dollars of largesse on some poor unfortunate urchins without compromising your standard of living. That sounds good to me because I am a member of Harris's demographic. But I wonder how it sounds to the urchin.
(If you still doubt this point, let me add just one sentence to Harris's Bad Life: "Because of your suffering, the attention of the world's media has been drawn to the plight of your people, and years after you are dead millions will be living better lives because of your sacrifices." And another to the Good Life: "Unfortunately, though you are blissfully unaware of it, the money you have given out to third world countries has ended up in the pockets of corrupt dictators and the net result is that you have made the lives of millions of people worse, not better." Now which life is the Good Life and which is the Bad Life?)
Again, my point here is not to argue that Harris's Bad Life is superior to his Good Life, only to plant a seed of doubt that the superiority of every aspect of Harris's Good Life is beyond question. Unfortunately, even this small seed of doubt undermines Harris's entire agenda. The problem with applying science to morality is that it requires you to choose a quality metric from a complex space with multiple incommensurate dimensions. Even as simple a premise as, say, all else being equal it is good to minimize physical pain is open to rational doubt: it may well be that a certain amount of physical pain is necessary to psychological well-being (as measured according to some other quality metric). Maybe people who never experience any physical pain end up being so risk-averse that they become dysfunctional cowards. I really enjoy my affluent lifestyle, but I really wonder if I'm going to be up to the challenges that are going to come our way when, say, the planet's reserves of crude oil start to run out. (Or, what ought to be even more frightening, phosphorus.)
The fundamental problem is that "the interests of conscious beings" is not well defined. What exactly are those interests? To exist? To exist free of pain? To exist at some balance of pain and comfort that maximizes some other ineffable quality like "self-fulfillment" (whatever that might mean)?
The ultimate irony is that the reason that the interests of consciousness is not a coherent basis for morality (or anything else for that matter) is precisely because consciousness was created by evolution and not by God. Consciousness exists not because it is the cosmic destiny of the universe, but rather because, like all other complex things, it has survival value -- but not for itself. Consciousness is not an end, it is a means. Consciousness exists because it provides a powerful motivator for an entity afflicted by it to keep itself -- and hence its genes -- alive. Wealth and physical comfort feel like wins because up to a point they increase reproductive fitness. But as soon as it gets to the point where consciousness starts to value things like "self-fulfillment" over having children, trouble begins. The interests of that sort of consciousness are not longer aligned with those of its creator.
This is why Harris's program is almost certainly doomed to fail. Advancing the interests of consciousness will not lead to a planet full of humans singing kumbaya in blissful conscious harmony because that's not what consciousness is for. Consciousness exists to make us care about making sure our children stay alive long enough to have children of their own. Our children. Not someone else's. Of course, the situation is complicated by the fact that the boundaries between "ours" and "theirs" are fluid and can change opportunistically (because that kind of flexibility also has survival value). But there is nothing in the laws of physics that says those lines should be drawn around a single species, or even a single mental attribute like consciousness.
I wish things were different. I really do. I would like nothing more than to be able to preach the Gospel of Sam and so help to bring peace and harmony to the world. But Sam Harris of all people should be able to sympathize with someone like me who has a limited ability to suspend disbelief, so I trust he will forgive me.
One of my mentors in graduate school once told me that it is worth paying attention to what smart people have to say even -- perhaps especially -- when they are wrong, because they are usually wrong in interesting ways. "The Moral Landscape" is a perfect example. It's wrong, but it is wrong in a very interesting way.
Let me say up front that I have tremendous sympathy for Harris's agenda. I wish it were true that one could derive "ought" from "is" (and I think it might be possible, but it's much, much harder than Harris -- or any of the new atheists -- seem to recognize). I do accept Harris's premise that maximizing utility for conscious beings is not only a reasonable foundation for such an endeavor, it is the only possible reasonable basis for it.
Unfortunately, between Harris's premises and his (predictable) conclusion that religion is the root of all evil (his Introduction has a section prominently entitled "The Problem of Religion") are a whole host of tacit biases and assumptions that render his reasoning circular. Harris defines the problem of morality as maximizing some utility function with respect to consciousness (which is perfectly fine), but then he goes on to assume without any foundation (and, worse, without being explicit about it) that this quality metric should have certain characteristics. Like erstwhile provers of Euclid's fifth postulate the assumptions he makes appear intuitively obvious. But if science teaches us anything it is that what is intuitively obvious is often wrong.
Harris's argument runs off the rails almost from the very beginning. This is taken from his introduction:
For my argument ... to hold, I think one need only grant two points: (1) some people have better lives than others, and (2) these differences relate, in some lawful and not entirely arbitrary way, to states of the human brain and to states of the world. To make these premises less abstract, consider two generic lives that lie somewhere near the extremes on this continuum:
The bad life
You are a young widow who has lived her entire life in the midst of civil war. Today, your seven-year-old daughter was raped and dismembered before your eyes. Worse still, the perpetrator was your fourteen-year-old son, who was goaded to this evil at the point of a machete by a press gang of drug-addled soldiers... Since the moment you were born your world has been a theatre of cruelty and violence. You have never learned to read...
I won't quote the whole thing; you get the idea. The good life, on the other hand, I reproduce here in its entirety because the details matter:
The good life
You are married to the most loving, intelligent and charismatic person you have ever met. Both of you have careers that are intellectually stimulating and financially rewarding. For decades, your wealth and social connections have allowed you to devote yourself to activities that bring you immense personal satisfaction. One of your greatest sources of happiness has been to find creative ways to help people who have not had your good fortune in life. In fact, you have just won a billion-dollar grant to benefit children in the developing world. If asked, you would say that you could not imagine how your time on earth could be better spent. Due to a combination of good genes and optimal circumstances, you and your closest friends and family will live very long, healthy lives, untouched by crime, sudden bereavements, and other misfortunes.
Surely it is obvious that the Good Life is preferable to the Bad Life in every way? Well, alas, no it is not. It is certainly preferable from the point of view of an affluent Western academic, which both Harris and I happen to be, so I can certainly understand the appeal. But it is not true that this need be the case for all conscious beings, or even for all rational conscious beings. But Harris dismisses this possibility out of hand:
Anyone who doesn't see that the Good Life is preferable to the Bad Life is unlikely to have anything to contribute to a discussion about human well-being. Must we really argue that beneficence, trust, creativity, etc. enjoyed in the context of prosperous civil society are better than the horrors of civil war endured in a steaming jungle filled with aggressive insects carrying dangerous pathogens?
Well, yes, we must. Hidden in the trees of horrific detail is the forest that makes Harris's Bad Life preferable to his Good Life for many people: the woman in the Bad Life scenario (one wonders if Harris considers being a woman to be a salient characteristic of the Bad Life) has children while the person (notably with gender unspecified) in the Good Life scenario doesn't (or, if s/he does, they don't figure prominently in Harris's reckoning.)
Now, I do not mean to suggest that any rational person would choose the totality of Harris's Bad Life over his Good Life. I merely point out that Harris's quality metric is heavily prejudiced by the fact that he is an affluent Western academic male. Money, in particular, figures very prominently. He mentions it three times. It is particularly noteworthy, I think, that helping the poor unfortunate children in the developing world is done with a billion dollars of other people's money rather than your own.
Let us give Harris the benefit of the doubt and assume that he is simply ignorant of the evidence that providing financial assistance to developing countries does more harm than good and that his heart is actually in the right place. But look at where he puts the emphasis: helping other people is not good because of the benefit it provides to others, but because of the personal satisfaction that it provides to the benefactor. The Good Life is not good because you are good, it is good because you feel good. You are free of pain and want, and on top of that you get to bestow a billion dollars of largesse on some poor unfortunate urchins without compromising your standard of living. That sounds good to me because I am a member of Harris's demographic. But I wonder how it sounds to the urchin.
(If you still doubt this point, let me add just one sentence to Harris's Bad Life: "Because of your suffering, the attention of the world's media has been drawn to the plight of your people, and years after you are dead millions will be living better lives because of your sacrifices." And another to the Good Life: "Unfortunately, though you are blissfully unaware of it, the money you have given out to third world countries has ended up in the pockets of corrupt dictators and the net result is that you have made the lives of millions of people worse, not better." Now which life is the Good Life and which is the Bad Life?)
Again, my point here is not to argue that Harris's Bad Life is superior to his Good Life, only to plant a seed of doubt that the superiority of every aspect of Harris's Good Life is beyond question. Unfortunately, even this small seed of doubt undermines Harris's entire agenda. The problem with applying science to morality is that it requires you to choose a quality metric from a complex space with multiple incommensurate dimensions. Even as simple a premise as, say, all else being equal it is good to minimize physical pain is open to rational doubt: it may well be that a certain amount of physical pain is necessary to psychological well-being (as measured according to some other quality metric). Maybe people who never experience any physical pain end up being so risk-averse that they become dysfunctional cowards. I really enjoy my affluent lifestyle, but I really wonder if I'm going to be up to the challenges that are going to come our way when, say, the planet's reserves of crude oil start to run out. (Or, what ought to be even more frightening, phosphorus.)
The fundamental problem is that "the interests of conscious beings" is not well defined. What exactly are those interests? To exist? To exist free of pain? To exist at some balance of pain and comfort that maximizes some other ineffable quality like "self-fulfillment" (whatever that might mean)?
The ultimate irony is that the reason that the interests of consciousness is not a coherent basis for morality (or anything else for that matter) is precisely because consciousness was created by evolution and not by God. Consciousness exists not because it is the cosmic destiny of the universe, but rather because, like all other complex things, it has survival value -- but not for itself. Consciousness is not an end, it is a means. Consciousness exists because it provides a powerful motivator for an entity afflicted by it to keep itself -- and hence its genes -- alive. Wealth and physical comfort feel like wins because up to a point they increase reproductive fitness. But as soon as it gets to the point where consciousness starts to value things like "self-fulfillment" over having children, trouble begins. The interests of that sort of consciousness are not longer aligned with those of its creator.
This is why Harris's program is almost certainly doomed to fail. Advancing the interests of consciousness will not lead to a planet full of humans singing kumbaya in blissful conscious harmony because that's not what consciousness is for. Consciousness exists to make us care about making sure our children stay alive long enough to have children of their own. Our children. Not someone else's. Of course, the situation is complicated by the fact that the boundaries between "ours" and "theirs" are fluid and can change opportunistically (because that kind of flexibility also has survival value). But there is nothing in the laws of physics that says those lines should be drawn around a single species, or even a single mental attribute like consciousness.
I wish things were different. I really do. I would like nothing more than to be able to preach the Gospel of Sam and so help to bring peace and harmony to the world. But Sam Harris of all people should be able to sympathize with someone like me who has a limited ability to suspend disbelief, so I trust he will forgive me.
Is the Square reader a security hole?
Verifone tooka swipe at Square today, saying that the Square credit card reader, which plugs into an iPhone headset port and lets anyone accept credit card payments, is a security hole. Are they right?
Yes and no. Yes, it is possible to use the Square reader to steal credit card information. But no, the Square reader does not make the existing credit card security situation appreciably worse than it already is.
Credit cards are basically 1950's technology, and their security model is fundamentally broken for on-line transactions. Back in the 1950's when credit cards were invented, the security model was that you had physically present the card to the merchant, who created a physical imprint of the card using a mechanical device. The consumer then signed the imprint. This made the security model essentially the same as that for checks: you had a physical token (the check or the card imprint) and a signature. Perpetrating credit card fraud was about as hard as perpetrating check fraud. You had to produce a physical artifact (a fake check or a fake credit card) and forge a signature. That was a high enough bar that fraud was rare by today's standards.
The descent from that halcyon days of the 1950's to today's chaos happened very gradually. Although finding documentation for this is probably very hard, the first step was almost certainly the result of merchants dealing with mechanical failures in the card imprint machines by writing down the credit card number on the sales slip by hand. The one day a merchant gets the bright idea that because they can write the number down by hand, they can accept orders over the phone. In the 1960's, magnetic stripes were added to cards, which allowed the entire end-to-end process of processing a credit card transaction to be computerized. This was a big win for efficiency, but in the process it completely eliminated the two features of credit cards that provided security: the physical imprint and the signature. The result, predictably, was a dramatic increase in fraud.
The fundamental problem with credit cards for in-line transactions is that, by definition, on-line transaction can involve only the exchange of information, not any kind of physical token. But the information that you have to give to a merchant in order to conduct one transaction is the same information that is needed to conduct an arbitrary number of transactions.
The credit card industry has responded to this situation with breathtaking naivete. A number of "security" measures have been added over the years, but they all amount to minor variations on one of two themes: 1) require additional information to conduct a transaction (expiration date, billing address, CVV code, and use computers running sophisticated pattern recognition algorithms to try to detect fraudulent activity. Neither of these measures is even remotely adequate for the task. As long as the information to process a transaction is the same for every transaction it doesn't matter how much of it there is, a fraudster can easily acquire this information (whatever it is) simply by posing as a legitimate merchant, which is trivial to do on the web. And heuristic fraud detection helps, but it will always have both false positives and false negatives. The result is a horrifically inefficient and fraud-prone system. The Square reader does make it slightly easier to perpetrate credit card fraud: now a fraudster can scan the card instead of, say, taking a photo of the front and back. But letting a fraudster copy a card in two seconds instead of six is unlikely to have even a detectable impact on current fraud levels.
The credit card companies could easily solve this problem by deploying smart cards with embedded processors that use cryptographic techniques to produce tokens that are unique to a particular transaction. This would all but eliminate credit card fraud overnight. Why don't they do it? That's a good question. The honest answer is that I don't know, but I strongly suspect that it's because the card companies are not the ones feeling the pain. The cost of fraud is substantial, but it's just fobbed off onto the merchants in the form of ridiculously high transaction fees, chargebacks, and rules that prevent the merchants from passing these costs on to the customers. The merchants are a captive audience because consumers, understandably, insist on paying with cards, blissfully ignorant of the fact that billions of dollars are being silently funneled out of their pockets and into the coffers of fraudsters and banks.
Normally, a situation like this would be ripe for a startup to come in with a better, more efficient disruptive solution. But the problem is that there is a huge chicken-and-egg problem: merchants won't want to use a new payment system unless consumers are using it, and consumers won't want to use a new payment until merchants are using it. So at the moment, unless the banks decide to do the Right Thing (don't hold your breath), we're stuck in this local minimum.
Yes and no. Yes, it is possible to use the Square reader to steal credit card information. But no, the Square reader does not make the existing credit card security situation appreciably worse than it already is.
Credit cards are basically 1950's technology, and their security model is fundamentally broken for on-line transactions. Back in the 1950's when credit cards were invented, the security model was that you had physically present the card to the merchant, who created a physical imprint of the card using a mechanical device. The consumer then signed the imprint. This made the security model essentially the same as that for checks: you had a physical token (the check or the card imprint) and a signature. Perpetrating credit card fraud was about as hard as perpetrating check fraud. You had to produce a physical artifact (a fake check or a fake credit card) and forge a signature. That was a high enough bar that fraud was rare by today's standards.
The descent from that halcyon days of the 1950's to today's chaos happened very gradually. Although finding documentation for this is probably very hard, the first step was almost certainly the result of merchants dealing with mechanical failures in the card imprint machines by writing down the credit card number on the sales slip by hand. The one day a merchant gets the bright idea that because they can write the number down by hand, they can accept orders over the phone. In the 1960's, magnetic stripes were added to cards, which allowed the entire end-to-end process of processing a credit card transaction to be computerized. This was a big win for efficiency, but in the process it completely eliminated the two features of credit cards that provided security: the physical imprint and the signature. The result, predictably, was a dramatic increase in fraud.
The fundamental problem with credit cards for in-line transactions is that, by definition, on-line transaction can involve only the exchange of information, not any kind of physical token. But the information that you have to give to a merchant in order to conduct one transaction is the same information that is needed to conduct an arbitrary number of transactions.
The credit card industry has responded to this situation with breathtaking naivete. A number of "security" measures have been added over the years, but they all amount to minor variations on one of two themes: 1) require additional information to conduct a transaction (expiration date, billing address, CVV code, and use computers running sophisticated pattern recognition algorithms to try to detect fraudulent activity. Neither of these measures is even remotely adequate for the task. As long as the information to process a transaction is the same for every transaction it doesn't matter how much of it there is, a fraudster can easily acquire this information (whatever it is) simply by posing as a legitimate merchant, which is trivial to do on the web. And heuristic fraud detection helps, but it will always have both false positives and false negatives. The result is a horrifically inefficient and fraud-prone system. The Square reader does make it slightly easier to perpetrate credit card fraud: now a fraudster can scan the card instead of, say, taking a photo of the front and back. But letting a fraudster copy a card in two seconds instead of six is unlikely to have even a detectable impact on current fraud levels.
The credit card companies could easily solve this problem by deploying smart cards with embedded processors that use cryptographic techniques to produce tokens that are unique to a particular transaction. This would all but eliminate credit card fraud overnight. Why don't they do it? That's a good question. The honest answer is that I don't know, but I strongly suspect that it's because the card companies are not the ones feeling the pain. The cost of fraud is substantial, but it's just fobbed off onto the merchants in the form of ridiculously high transaction fees, chargebacks, and rules that prevent the merchants from passing these costs on to the customers. The merchants are a captive audience because consumers, understandably, insist on paying with cards, blissfully ignorant of the fact that billions of dollars are being silently funneled out of their pockets and into the coffers of fraudsters and banks.
Normally, a situation like this would be ripe for a startup to come in with a better, more efficient disruptive solution. But the problem is that there is a huge chicken-and-egg problem: merchants won't want to use a new payment system unless consumers are using it, and consumers won't want to use a new payment until merchants are using it. So at the moment, unless the banks decide to do the Right Thing (don't hold your breath), we're stuck in this local minimum.
Sunday, March 06, 2011
Did NASA discover bacteria in meteorites (again)?
Tuesday, March 01, 2011
Pardon me while I pick my jaw up off the floor
The Supreme Court just ruled that corporations do not have a right to privacy. And it was unanimous! My worldview lies in shambles. I would have given you long odds that Roberts, Scalia, Thomas, and Alito would rule in favor of corporations at every possible turn. Maybe there is some hope for the future yet.