Friday, March 14, 2003

Aviation data and privacy

An interesting story in the Post this afternoon, about how the CAPPS II system, which hoovers up information on airline passengers, is getting a rough ride in the Senate. As Maria pointed out a couple of days ago, the EU is already obliging carriers to give whatever personal information the US Attorney General thinks is necessary, on all transatlantic passengers, regardless of whether they're likely terrorists or not. Unlike the Senate, the European Parliament can't do very much more than deplore this policy, and wring its (collective) hands. It's yet another example of how the US administration is obliging its allies to adopt anti-privacy measures that it could never get away with at home. For years, the US used to complain that Europeans were trying to impose their privacy legislation on EU firms - now, we're seeing the US pushing through measures that undermine the personal privacy of European citizens. Even more depressing; European governments are giving in without a peep of protest.
Bits and pieces

All of the below are well worth surfing to

TAP on George Bush's real role in the Two Towers.

Donald Davies on Saddam Hussein and fantasy football.

Steven Berlin Johnson on mapping social networks through email.

Thursday, March 13, 2003

Pol sci and blogging part MMMCXVIII

Not that I usually pay much attention to William Kristol, but he does say something interesting in his back-cover blurb for Donald Westlake's excellent crime-caper novel, "Put a Lid on It." Kristol's verdict:

"This is a first-rate comic novel about a third-rate political burglary. It also reveals more about American politics than 99% of what passes for professional political science."

And he's at least half right. Political science does have some very interesting things to say; it just doesn't say them very well. Political scientists tend to write pretty badly; our professional training encourages us to hedge and qualify our statements, and to use pseudo-scientific language, even where we haven't used very scientific methods to study what we're talking about. And because politics is intrinsically more complex than -say- economics, we find ourselves stuck between a rock and a hard place. On the one hand, we don't have the grand simplifying theorems and results that economists have; precisely because we study those things (complex institutions) that economists leave out of their models. But on the other, we have aspirations towards being scientific, and thus reject the broad narratives that historians use in order to make their stories fun. We're studying stuff which is too complicated to present neat scientific results, but which is too "scientific" to be easily presented in a narrative form. And the field has evolved in such a way, that political scientists sneer at anyone who does try to present results in everyday language. Popularizers don't get tenure very often.

All of which gives reason to think that blogging - and related forms of expression - can only be good for political scientists. Blogging forces you to articulate what you want to say in everyday common language. You can use results from your academic specialization to bring your argument home; but you can't lapse into specialized jargon. Dan Drezner's piece in the New Republic Online is a nice illustration of what I mean - Drezner takes important results from political science and applies them to current debates, without resorting to academese (full disclosure: Dan and I are planning to write a piece together; Jeff Kopstein, who Dan cites, is a colleague of mine at U of T). If more political scientists did this sort of thing, Kristol's comment wouldn't have such force. This isn't to say that political science (or any other discipline) should devolve into bloggery - but the two can have a pretty constructive relationship.
CFP panel

The panel that Maria and I proposed for CFP has been finalized, more or less; the setup is probably as follows

Henry Farrell - chair (Lemony Snickett type definition: a chair is someone who doesn't know very much about the subject, and gives a vaguely relevant introduction and approving nods at appropriate moments)
Maria Farrell - International overview of data retention, who the players are, what they want and where it's going
Marco Cappato (Member of European Parliament, Radical Party) - traffic retention in the European Union
Ian Brown (University College London) and the Foundation for Information Policy Research FIPR - the UK experience on data retention
Cedric Laurant (EPIC) - the US debate on access to communications data

More anon ...
Long time no speak

I've been leaving it to Henry to carry the can for the last week or more while I've been rushing about writing talks and giving them. Here at last is the draft of a talk I gave a couple of weeks ago at the 21st Century Trust in Brussels on uses of personal data by EU governments, and in particular the role of the UK. It discusses traffic data retention, Europol data and the more recent airline passenger data issue and draws parallels between these three issues and draws some parallels between them:

 decisions affecting fundamental rights are being made in secret and with no meaningful attempt at democratic accountability,
 only law enforcement / JHA ministries are at the table, any potentially dissenting voice is excluded from decision making,
 the UK is pushing for EU policy outcomes which primarily favour US interests,
 the UK is using the less accountable European institutions to further domestically unpopular policies,
 measures taken ostensibly to fight terrorism actually have far broader application in general criminal justice,
 security measures are being taken which seem to diverge from or be disproportionate to the stated aims, and
 there is a total disregard for existing European human rights and data protection legislation.

I've taken a long time getting this up (and the conclusions section isn't quite finished...) because I had the bright idea of giving the talk first and only writing it afterwards. Well, the ideas have developed a little since, and there are recent developments on the airline passenger data issue, so it's pretty fresh stuff nevertheless. One of these days, though, I'd like to look more substantially at how terrorism measures relating to use of personal data are being pushed through the Council of Ministers and what it all means for transparency and accountability. But not being an expert on co-decision like Henry, this may take me some time! In the meantime, I'm reading this piece on the Third Pillar in the aftermath of 9/11 by Emek Ucarer, again courtesy of the brother.

I also gave a talk last night to post-graduates studying information security at the London School of Economics. I need to polish it up a little before I post it online, but the gist of it was that efforts to improve cyber-security have to be public-private partnerships, given that most critical infrastructure and all the ICT it relies on is now owned and/operated by the private sector. Industry talks at length about how it's in firms' own interest to secure the networks, self-regulation is best, etc. etc. but these arguments only go so far. There is a clear co-ordinating role for government where industry faces collective action problems and other obstacles that lead to under-supply of the public good that is a 'sufficient' or optimal level of information security. For example, information sharing and analysis centres (ISACs) rely on companies to report (anonymously) on vulnerabilities and breaches, the idea being to share the information in real time or otherwise and issue alerts, suggestions for patches, and improve security practice overall. However, industry hasn't really gotten its act together, especially outside the US, and ISACs aren't taking off the way you'd think they might have. The reasons for slow or non-existent uptake are that companies are paranoid about bad publicity, and some of them think this kind of information is proprietary, and they don't want to reveal information about their process to competitors. Individual companies don't find it sufficiently in their interest to share this information, even though they know they'd benefit if all or most other companies chose to do so - a classic collective action problem. This is the sort of issue where there's a potential role for governments in improving incentives, e.g. by working with legislators and insurers to reduce liability and exposure for companies who partake in ISACs, or other kinds of initiatives. I think there's also a role for governments in making sure that information coming from R&D isn't under-supplied, or (which is just as bad), not widely available, and also in helping ensure that there are enough trained security professionals around to secure the critical and not so critical infrastructures we depend on.

During the Q&A, it was asked if 'the market' could adequately supply information security - whether it is info sec of individual products, or in the economy as a whole. I don't think it can. From the little I know about this stuff (and Henry's post a few days ago about people learning micro-economics for the first time, the lights going on, and suddenly every problem in the world being seen in these terms etc. etc. is v. true for me!) though, it seems to me that the market will chronically under-supply information security (if it can be thought of as a single commodity) for two reasons:

- information asymmetries between buyers and sellers. The person buying the virus software / new platform / the mobile phone, etc. etc. does not know enough about info sec to make an informed choice.
- under-supply of public good due to collective action problems. Why should I spend 10% more on a product with better security (assuming I know enough to make that judgement)? I'm happy enough with the basic minimum, the next person probably won't bother anyway, and even if they did, I'd rather free ride on their efforts.

There's an important role for governments in raising awareness of information security - even to the point of making managers and CEOs and ordinary users think about it enough to do just a little homework. The UK's DTI does sterling work on this. There are also ways governments can change the incentive structure that leads to under supply - liability for systems used to mount DDOS attacks, incorporating info sec into corporate governance requirements, just to think of two ideas being mooted.

Anyway, I actually wrote most of last night's talk before I gave it, so I'll be posting that one over the weekend.
Safire jumps onto Den Beste bandwagon

Go look at William Safire's article in the NYT - which names France, China and Syria as countries with a "common reason for keeping American and British troops out of Iraq" - their fear that the world will discover that they've been supplying Saddam. No need to repeat yet again the reasons why this theory is stupid - the debate has been done to death. Still, I'm amazed at the willingness of supposedly smart conservatives to jump onto any conspiracy theory going, as long as it makes France look bad. Not so much Den Beste and his crew, who are descending into a self-referential little fantasy-land of their own creation - but people like Safire and Glenn Reynolds should know better. This doesn't mean that they have to like French policy - but they should recognize that it's better explained by bog-standard political selfishness than by purported nefarious plots to conceal what the world knows anyway. On this last, see the Sixth International's recent posts - an excellent and funny demolition job.

Update: see also Emma's nice take on the motivations for France's opposition to war.

Wednesday, March 12, 2003

Curiouser and curiouser

There's been a minor storm in the blogosphere over a speech by George Bush senior at Tufts University a couple of weeks ago. According to a recent story in the Times of London, the speech criticized Bush junior's disregard for the UN, as well as his treatment of US allies. Umpteen bloggers (myself included) immediately interpreted this as evidence of an important rift in the US foreign policy establishment. However, it quickly became clear that the Times' reporting of the speech was deeply flawed. Kevin Drum points to a contemporaneous account of the speech by a Boston Globe reporter, which depicts it as defending US policy. One of Kevin's correspondents has found a third account of the speech in the Washington Post, which depicts Bush senior as offering gentle guidance, not criticism, which is supposed to have influenced Bush junior's own recent Address to the Nation.

Reading the speech itself, it's clear that the Post gives the best account. Bush senior is generally supportive of administration policy, but drops a few quiet hints here and there about what he thinks should be done. Two interesting questions remain (here, I borrow liberally here from an email exchange with Kevin)
(a) why did the speech re-emerge into public debate a couple of weeks after it had been given?
(b) why did the WP and the Times spin it so differently?

Bush senior's speech had been more or less forgotten until the WP article gave it legs again. Did someone in Bush senior's camp brief the reporter to look at it again in the light of Bush junior's dismal contribution? If so, why? Alternatively, was this just the reporter's own bright idea?

Even more intriguing - why did the Times give Bush senior's speech such a negative spin? The Times has become a pretty trashy newspaper - but it's owned by Rupert Murdoch, and is thus an unabashedly pro-war trashy newspaper. So why poke a finger in George W. Bush's eye by claiming that Daddy disapproves of what he's doing? Enormous possibilities for conspiracy theories here - but we're entering into wilderness of mirrors territory. Decide for yourselves.

Update: Kevin Drum has more on this here

Tuesday, March 11, 2003

To have reached 30 is to have failed in life

(an entirely inapposite quote from Saki). Happy birthday to Kieran, who's reached 30. Kieran's blog was what inspired me to start meself, so I owe the man an enormous debt. I also note that Kieran's anniversary seems to have hastened William Sjostrom's precipitous descent into niceness; Dr. Sjostrom has a comment about True Love which is downright touching. Happily, though, AtlanticBlog itself remains as splenetic as ever.

Sunday, March 09, 2003

New blog

Dan Drezner had a post a while back about the affinities between political science and blogging; I'm a little surprised that more of us pol sci academics haven't started to jump on the bandwagon. In the meantime, however, there's an excellent new blog by a political scientist, Casus Belli. Well, not quite new - it seems to have been around for a month or two, but I hadn't come across it until Kieran Healy referenced it. It mostly covers international relations; Paul McDonald, who blogs it, is finishing his Ph.D. at Columbia (probably the most intellectually fertile IR program in the US at the moment). He's working on theories of hegemony - so his blog has good insightful stuff on alliance politics (without any academic jargon). Hardcore IR junkies should check out the papers available on his home page too. But enough said - go look for yourselves.

Why has NZ Bear's blogging ecosystem attracted so much attention? Technically, it's pretty weak - Technorati and even Myelin's version of the ecosystem are much more comprehensive. I reckon that it's because of NZ Bear's cunning division of the blogosphere into different rankings, ranging from Higher Beings down to Insignificant Microbes. This provides much entertainment, as one watches oneself and others variously ooze, wriggle, scuttle, flop, hop, slither, flap and clamber up and down the evolutionary ladder. Take poor Kieran Healy, for example, ascending rapidly from "crunchy crustacean" to "large mammal," and, equally quickly, devolving into a declasse "flappy bird," the likes of which he wouldn't have spoken to a couple of days previously. Moreover, the ecosystem also meets the basic social need for a hierarchical ranking, which people can use to measure their status. As usual, Max Weber has said it all already; in his "Class, Status and Party" he opines

"In contrast to classes, status groups are normally communities. They are, however, often of an amorphous kind. In contrast to the purely economically determined ‘class situation’ we wish to designate as ‘status situation’ every typical component of the life fate of men … is determined by a specific, positive or negative, social estimation of honor. this honor may be connected with any quality shared by a plurality, and, of course, it can be knit to a class situation: class distinctions are linked in the most varied ways with status distinctions."

Weber's point is that status isn't reducible to class, or any other external variable - it can be based on pretty well any marker or category. Even very silly ones. SF author Jack Vance (who should be required reading for all sociology undergrads) makes this point even more pungently in his novel, "Night Lamp," which describes a society whose people are obsessed with social climbing, through membership in clubs with ever-more ludicrous names - the Bad Gang, the Tattermen, the Lemurians, the Sick Chickens, and, lording it over everyone else, the overweeningly exclusive Clam Muffins. Sound familiar?