Friday, November 09, 2007

Google's phone number and SSN based persona cloning

[An early version of this post was created accidentally -- I think the release version of Windows Live Writer has a brand new 'Save Draft' bug.]

This morning I wrote about persona cloning at the heart of social network fraud. I didn't, of course, know that Cringely had just published a fascinating example of persona cloning that, in a bizarre way, may have benefits for the victim. I've a few excerpts here, but this is one of Cringely's best. Read the whole thing ...

I, Cringely . The Pulpit . Getting to Know You | PBS

While politicians and the U.S. Census Bureau may disagree on how many illegal aliens are living in the United States, the big credit reporting agencies have a pretty solid handle on the number and it is 17 million. That's 17 million adults of unproved nationality who have ongoing financial relationships with businesses or — believe it or not — governments...

... it isn't in any way close to the total number of U.S. residents who have financial identities not tied to a Social Security number. That would be 37 million, meaning there are 20 million participants in the U.S. gray economy who aren't illegal, who are legitimate citizens. This means about 10 percent of U.S. residents are financially invisible, or think they are.

... Ah, but they do have Social Security numbers, just not their own. You need a Social Security number to sign up for utility services, for example. No Social Security number, no electricity, gas, phone, or satellite TV. So what's a poor alien to do? They go down to some local hangout and BUY a Social Security number to give to the utility. This has to be a legitimate number or it won't fly with utility computer systems, but does it have to be the customer's own number? ...

...there is a tacit agreement between the parties that a Social Security number must be provided because that's the rule, but if it happens to be someone else's Social Security number, well that's okay.

The funny thing about this is the impact it has to have on the person who was originally assigned that Social Security number by the U.S. government. Rather than hurt their credit it actually helps because there is so much evidence that they are good at paying their bills.

... some individual Social Security numbers are in use right now by UP TO 3,000 PEOPLE and it isn't at all unusual for a borrowed number to be used by 200-1,000 people at the same time. Remember that most of these folks AREN'T illegal aliens...

... Think for a moment of the impact a free mobile phone service will have on the mobile phone market. Why would I continue with Verizon or AT&T or Sprint or T-Mobile or Alltel or whomever if I could get the same or better service for free? Yeah, but the way to make the service free is by running ads on it and those ads would be contextually linked somehow to where or who you were calling and isn't that creepy, especially for business customers...

Which brings us back to the credit bureau. It would be very much in Google's interest to own one of the big three credit reporting agencies, because your mobile phone number is the most practical supplement for the Social Security number as a financial identifier.

Take all the web usage and YouTube video data Google has been acquiring about us all, glue it to our data down at the credit bureau, tie it to our mobile phone number and our mobile activity, then use the resulting product as both an information service and a database for targeting ads and you have Super Google — the most valuable company on Earth and entirely based on metadata...

It's a very fine piece of work, particularly the reporting on SSN overuse. That's rather relevant to those of us in the healthcare business -- we use the SSN as part of our statistical approach to establishing unique identities. We may have overestimated its value by an order of magnitude. Small detail.

Really, Cringely covers a lot of ground. Things are unlikely to work out so neatly, but the feel of it is right. The only thing I can add is that Cringely forgot about Google's GrandCentral. I just checked and my GC account still works [1]. Really, I'd forgotten about this digital identity of mine -- just one of many.

GrandCentral is your "personal phone number for life" with integrated message routing. It's a logical centerpiece of Google's identity strategy.

We're definitely getting close to the day when we're chipped at birth [2] and that number is our phone number for life ...

[1] If you put a GC number on your corporate business card you retain the number when you leave work. So you don't need to worry about losing your "identity" number when you lose your corporate cell phone.

[2] Hmm. Wonder if we could use the umbilical cord stump for chip insertion .... Just joking.

Fraud technologies use persona cloning to attack social networks

Successful frauds have always exploited social connections. New age fraud now leverages social networks to the same end (emphases mine) ...

E-Mail Scammers Ask Your Friends for Money - Bits - Technology - New York Times Blog

... The scammer somehow breaks into a victim’s Web-based e-mail account. He then impersonates the victim and sends an emergency plea for help to everyone in the account’s address book, asking them to wire money to Nigeria. The e-mail includes some variation on a story about getting mugged or losing a wallet while on a trip to Nigeria.

This happened recently to Drew Biondo of Port Jefferson, N.Y. He said he was at home early one morning when his wife alerted him to an e-mail she had received from his Yahoo address about his Nigerian money troubles. He scrambled to try to regain control over his account, but trying to find a phone number for an actual human at Yahoo was “ridiculously difficult,” he said.

Mr. Biondo, a public relations executive, used the Yahoo account for work e-mail and had about 600 people in his contact list, many of them journalists. He said he soon experienced “an influx of phone calls from every reporter I’ve ever spoken to,” including some he had not heard from in years. “I credit this Nigerian scammer with one thing: he made me feel good inside because these people cared enough to drop me a phone call.”

Yahoo asked Mr. Biondo for various proofs of his identity, including the long-forgotten answer to a security question he had set up ten years earlier. Two and a half days after it all began, he successfully logged into his account and sent out a mass mailing: “The long Nigerian nightmare is over.”

The NYT blog post has many other examples. This method is pretty primitive, of course; the next generation will use Google OpenSocial APIs or Facebook APIs to further leverage social network technologies.

In all cases the fundamental ploy is identity assumption and then exploitation of entities that "trust" the identity. A Yahoo email account is a form of identity, just like your Google/Gmail persona, LinkedIn account, Facebook and Amazon profiles, checking account, credit card accounts, Federal social security account, driver's license, passport and biometric account holder. Not to mention various overt standards for identity management.

Identity theft is a misleading term. It implies the identity is gone completely, and it implies a singular identity. Perhaps persona cloning is a better term.

We all have dozens of identities (personas) with varying degrees of power, authority, attachment, control and manageability. Each identity has a set of transaction-specific reputations.

Loss of control of any of these identities will expose one's reputation circle to exploits - as well as one's own life.

It would be nice if we would start thinking a bit about this topic.

Nice, but unlikely.

PS. I really, really, don't like "security questions". Dumbest idea ever. Note how well it worked here.

Thursday, November 08, 2007

Race and dating preferences

I think this is mildly surprising, and even a bit encouraging ...
An economist solves the mysteries of dating. - By Ray Fisman - Slate Magazine

...Another clear gender divide, this one less expected, emerged in our findings on racial preferences, reported in a forthcoming article in the Review of Economic Studies. Women of all the races we studied revealed a strong preference for men of their own race: White women were more likely to choose white men; black women preferred black men; East Asian women preferred East Asian men [jf: note the next paragraph contradicts this statement!]; Hispanic women preferred Hispanic men. But men don't seem to discriminate based on race when it comes to dating. A woman's race had no effect on the men's choices.

Two wrinkles on this: We found no evidence of the stereotype of a white male preference for East Asian women. However, we also found that East Asian women did not discriminate against white men (only against black and Hispanic men). As a result, the white man-Asian woman pairing was the most common form of interracial dating—but because of the women's neutrality, not the men's pronounced preference. We also found that regional differences mattered. Daters of both sexes from south of the Mason-Dixon Line revealed much stronger same-race preferences than Northern daters.
So it's the women who decide how much inter-group mating occurs ... at least among Northern American daters.

It's odd that the editor didn't notice that the paragraphs were contradictory. White, black, and Hispanic women were group specific; East Asian women were ok with East Asian or white men.

Dershowitz makes the case

The GOP voted unanimously for another Torturer General. Six Democrats join the parade of shame. Meanwhile, Tom Tomorrow has the best reply to Dershowitz...
This Modern World: If the Nazis could make it work, why not us?:

... "You know, I was on the fence there about torture, until Dershowitz pointed out it really worked well for the Nazis! Color me convinced!"

Employment benefit complexity: we are sheep

Baaaaaaa said the sheep, on the way to be ... sheared.

My wife and I have just selected our family's employment benefits for 2008. There were 4 basic health plans, two indemnity and two "health savings accounts" (they used some other name this year). In addition, one could create another 11 variants of one of the four plans.

The plans had wildly different pre-tax monthly paycheck deductions (so the true cost varies depending on one's tax bracket). They also have different providers, different deductibles, different out-of-pocket maximums (but are they really maximums?), different networks, and a complex mix of co-pays and percent uncovered for each transaction. Not to mention x-rays and labs.

Some costs that might be post-tax dollars can be covered by a pre-tax flexible spending account -- but you must be sure to spend all of it. Then there's a Dependent Care account, but be sure your spouse earns at least as much as what one claims -- or that's lost too.

If I had a team of lawyers, statisticians, and software developers, I could create simulations based on our known risk factors and run them against the plans. I would use Monte Carlo methods to create random variations around means, and then produce a probability distribution of likely costs.

Oh, wait a minute. It's the insurance companies that have that team. We just have ... a coin toss.

I feel like I've just signed a contract with Satan -- or, worse, Sprint Minnesota. I had to sign the contract, but I know it's hopeless. My immortal soul will be stuck in Hell.

Do the French put up with this kind of stupidity? I like to imagine not.

Americans are sheep.


Complexity + Tight Coupling = Catastrophe

Years ago I was keen on the strategic advantages of loosely coupled software solutions and an associated ecosystem.

I'd forgotten that until recently, when both "ecosystem" and "coupling" became fashionable terms.

Good, they're important concepts.

I agree with this, for example: Complexity + Tight Coupling = Catastrophe.

The genetic engine is very loosely coupled. Not a bad idea really.

File for the mythical startup - operations

I have a small collection of these "pearls" of startup wisdom. Come the day I'll be able to find them all, using my newest tag - "startup" (it'll take a while for me to tag the back posts): 

Operations is a competitive advantage... (Secret Sauce for Startups!)

...In my experience it takes about 80 hours to bootstrap a startup. This generally means installing and configuring an automated infrastructure management system (puppet), version control system (subversion), continuous build and test (frequently cruisecontrol.rb), software deployment (capistrano), monitoring (currently evaluating Hyperic, Zenoss, and Groundwork). Once this is done the "install time" is reduced to nearly zero and requires no specialized knowledge. This is the first ingredient in "Operations Secret Sauce".

This kind of scalability becomes really interesting when you find yourself suddenly popular, as iLike did when it launched its Facebook app and had to scale up fast (Radar)...

Major League Baseball leads fight for digital freedom

MLB changed their video contractor and disabled all the copy-protected videos they'd previously sold.

Yeoman's work! MLB is doing a wonderful job discrediting the entire digital rights management industry.

Major League Baseball is thus this week's winner of the Gordon's Notes' "Digital Freedom" medal.

Sometimes the stupid also serve.

Skinnies burn fast, plumpies less demented

I caught this Kolata article in the NYT a few days ago, but I had a hard time finding it just now. I suppose the results seemed so odd that most bloggers have rejected it as yet more evidence that medical science has a consistency problem. (A position towards which I have some sympathy.)

It turns out that skinnies die younger than the pleasingly plump (but not obese). Odd indeed, since near-starvation diets promote longevity in worms and mice alike. Not only that, the skinnies get demented faster.

I think there's a quite plausible explanation. First the article (emphases mine)...

Causes of Death Are Linked to a Person’s Weight - Gina Kolata - New York Times

About two years ago, a group of federal researchers reported that overweight people have a lower death rate than people who are normal weight, underweight or obese. Now, investigating further, they found out which diseases are more likely to lead to death in each weight group.

Linking, for the first time, causes of death to specific weights, they report that overweight people have a lower death rate because they are much less likely to die from a grab bag of diseases that includes Alzheimer’s and Parkinson’s, infections and lung disease. And that lower risk is not counteracted by increased risks of dying from any other disease, including cancer, diabetes or heart disease.

As a consequence, the group from the Centers for Disease Control and Prevention and the National Cancer Institute reports, there were more than 100,000 fewer deaths among the overweight in 2004, the most recent year for which data were available, than would have been expected if those people had been of normal weight.

Their paper is published today in the Journal of the American Medical Association.

The researchers also confirmed that obese people and people whose weights are below normal have higher death rates than people of normal weight. But, when they asked why, they found that the reasons were different for the different weight categories.

Some who studied the relation between weight and health said the nation might want to reconsider what are ideal weights.

“If we use the criteria of mortality, then the term ‘overweight’ is a misnomer,” said Daniel McGee, professor of statistics at Florida State University.

“I believe the data,” said Dr. Elizabeth Barrett-Connor, a professor of family and preventive medicine at the University of California, San Diego. A body mass index of 25 to 30, the so-called overweight range, “may be optimal,” she said.

... A woman who is 5 foot 4, for instance, would be considered at normal weight at 130, underweight at 107 pounds, overweight at 150 pounds and obese at 180.

... The higher death rate in obese people, as might be expected, was almost entirely driven by a higher death rate from heart disease.

But, contrary to expectations, the obese did not have an increased risk of dying from cancer. They were slightly more likely than people of normal weights to die of a handful of cancers that are thought to be related to excess weight — cancers of the colon, breast, esophagus, uterus, ovary, kidney and pancreas. Yet they had a lower risk of dying from other cancers, including lung cancer. In the end, the increases and decreases in cancer risks balanced out.

As for diabetes, it showed up in the death rates only when the researchers grouped diabetes and kidney disease as one category. Diabetes can cause kidney disease, they note. But, the researchers point out, the number of diabetes deaths may be too low because many people with diabetes die from heart disease, and often the cause of death is listed as a heart attack...

Now, how do I make sense of this and say it strikes me as quite plausible (I'm technically on the low end of overweight based on my BMI, thank you)?

I'll wager it's the aging clock and an associated "burn rate". The old "metabolism" metaphor doesn't do too badly, though I think it's fundamentally an aging rate issue.

If you have a slower-aging clock you tend to burn slower and gain weight. If you have a fast aging clock you tend to burn faster and stay skinnier.

In today's calorie- and taste-rich, exercise-light environment, most people with normal or subnormal BMI have pretty fast clocks and fast burn rates. They age more quickly, and so develop dementia and age-associated cancers more often.

People with very slow burn rates and slow clocks become obese, and die of obesity complications. (Though if they make it to old age I think they can last quite a long time.) In a world of fewer calories and more exercise they might do the best of all, however.

People with average to slow burn rates and average to slow clocks get plump and, if they dodge diabetic complications, they live longer and better. They do need to work to stay shy of obese however.

Which would put us back to the weight/health definitions we used in the 1980s, before new BMI standards made everyone overweight.

Oh, and the near-starvation diet and the ultra-skinny mice? That's a different effect, a physiologic response to prolonged famine. The clock slows down.

So the diet pill of tomorrow will both slow the clock (like the near-starvation diet) and cause the body to dump its calories into the GI tract.

Great news for all those plump folks out there ...

PS. Note this means that stuffing a skinny with calories won't actually help them. You'd need to slow the clock.

Wednesday, November 07, 2007

Diabetic non-compliance explained

I took care of lots of Type II diabetics back in the day, but not so many Type I diabetics. It's far less common than type II. I'm pretty sure, however, that I never understood: Diabulimia.

Skipping insulin for someone who's insulin dependent can be a great way to lose weight. Of course it can lead to total weight loss (as in death), but that's not quite guaranteed -- at least, not right away.

The article, which is appropriately sympathetic, provides a lot of insight in a quick read.

Pat Robertson does not believe in God

Of course we always knew it was about power, not virtue, but Pat Robertson's support of Giuliani tells us something even more remarkable.

Robertson can't believe in the God he preaches about. In particular, he clearly doesn't believe in a personal and judgmental deity who consigns sinners to eternal damnation.

If he did believe in that monster, he wouldn't touch Giuliani with a 10 foot pole.

To a reasonable approximation, it appears Robertson doesn't believe in his God.

LinkedIn goes exponential

They're such an obvious Google acquisition target. Maybe too obvious.

I've been on LinkedIn for about a year, but for most of that time my network wasn't too large. I didn't really press it. More recently several things boosted my use and even led to some proselytizing:
  • a high school reunion led to some sentimental additions
  • I started attaching my LinkedIn profile to my email signature
  • I decided I wanted a net presence (a facade or facet identity) that was less revealing than my old web site.
  • I added a link to my LinkedIn profile to my corporate Sharepoint profile
  • LinkedIn will now process a Gmail contact list and look for matches to LinkedIn members (among others I located a sister-in-law that way)
  • organic growth
The result is my network is getting fairly large and it's growing very quickly:
19,053 new people in your network since November 1

People in your network are hiring:
* Sr Data Warehouse Architect at Yahoo! Inc.
* SAP HR and SD Consultants at Bluefin Resources
* SAP Business Analyst (various disciplines, levels, all perm/full time) at Goodrich Aerostructures
This is going to be interesting. The trick for LinkedIn will be to extract revenue without getting too greedy -- though their end point is most likely to be a Microsoft or Google acquisition.

Apple Tablet: what the heck is it good for?

Daring Fireball thinks the Apple tablet rumor will turn out to be true:
Apple Tablet PC is real, says Asus - Crave at CNET.co.uk:

...So, can Apple turn the Tablet PC into a success when previous attempts have failed? The short answer is 'yes'. Any company that can make a mobile phone with no buttons, no picture messaging, slow Web access and no video capture into the most desirable phone on the planet can easily make tablets popular...
I wasn't paying attention until DF spoke. So now it's at least mildly interesting.

I have no idea what I'd use it for, but I'm not Apple's demographic. They haven't done anything new since the original Nano that's ready for me to buy. (I very much want an iPhone with 1993 Palm Pilot 1.0 capabilities, but that's just another proof point that Apple isn't selling to me.)

What the heck would a slate/tablet be good for besides vertical markets? Did you ever try reading the newspaper on one? (Hint: laptops don't require a stand and they have other value.)

I'll be looking around for a clue ...

Emmy Noether and symmetry: we ought to know HER name

[If you look at the URL of this post, you'll see I originally wrote "his name" in the title. Brilliant mathematical physicist? Tell me you wouldn't make the same blunder. Ok, so not everyone would.]

CV tells us we ought to honor the name of Emmy Noether:
Higgs 101 | Cosmic Variance

...I believe that the greatest (and I mean THE greatest) discovery of the 20th century was to recognize that every symmetry in nature corresponds to some conserved physical quantity. It is a great sorrow that Emmy Noether did not win the Nobel Prize for this profound work. Symmetries are all around us - some are very simple, and some not so simple. For example, consider symmetry in time. The laws of physics are (we presume) the same now as they are at the time you finish reading this sentence, and will be the same 100 years from now. If you move (translate) in time, the rules stay the same. This symmetry in fact leads to conservation of energy. Likewise, if you move in space, the laws of physics are the same. This leads to conservation of momentum. If you rewrite the laws of physics in a frame of reference rotated 42.6 degrees from the one where you are writing them now, they are the same…conservation of angular momentum...
I did not understand the relationship of symmetry to energy conservation.

Alas, Nobels are not given posthumously, which is why there's a correlation between longevity and becoming a laureate. Emmy died young ...
... Emmy fled Germany in 1933; she had been forbidden from teaching undergraduate classes by the Nazi racial laws. She joined the faculty at Bryn Mawr College in the United States. She died at Bryn Mawr on 14 April 1935 in mysterious circumstances. Her doctor told her that she needed an operation, and she scheduled it during a college break at Bryn Mawr, without telling anyone. She perished during or shortly after the surgery. Emmy never married, and she had no relatives in the USA. Emmy was buried in the Cloisters of Thomas Great Hall on the Bryn Mawr Campus.
There was at that time a common operation performed secretly with a high mortality rate, but Ms. Noether was 53 when she died.

Tuesday, November 06, 2007

NYT subscriptions fall sharply

My read of this article was that the NYT had the steepest circulation fall of the national journals:
More Readers Trading Newspapers for Web Sites - New York Times

The New York Times, which shed less-profitable circulation and increased some prices in the last year, lost 4.5 percent of its weekday circulation (to less than 1.04 million) and 7.6 percent of its Sunday circulation (to 1.5 million)...
I think it's plausible that the NYT has mostly lost readers to the NYT web site, but it's one heck of a circulation drop.