David Livingstone-Smith, New England
Ideology

The camera obscura description of ideology as an accidental inversion of reality. The Conspiracy Model of ideology as a purposive distortion of reality in pursuit of some goal.

There is a perfectly good model of non-intentional purposiveness available: the notion of biological purpose, e.g. the orchid that simulates a wasp for the “purpose” of seducing male wasps to use them as a pollination vector.

Millikan’s theory of proper function provides an analysis of non-intentional purposes. The thing that caused a reproduction of an item is the proper function of the item.

Ideologies are collective misrepresentations of the social world that:

perpetuate the power of dominant groups, creating the circumstances allowing their reproduction and the reproduction of that power.

 

Rachel Greenstadt, Drexel
Anonymouth: How to make machine learning for security usable

Long-term anonymity is challenging, as shown in the case of “A Gay Girl in Damascus”. It’s particularly difficult to re-write an existing document in a new style.

Anonymouth provides a set of suggestions for how to make your documents less recognisable as your own.

Luke Church, Cambridge
“tracking” for societal benefit

Users don’t understand derived sales models.

Asking programmers to allow the researchers to record and analyse their every keystroke and mouse click leads to refusal because they are afraid of the usage of that data.

Please can we slow down the process of restricting scientists’ access to data.

Bruce Schneier, BT
Profiling and Airports

Why profiling makes no sense in security, even if you have a differential threat. Arguing against intuition, “common sense” and “obviousness” with clear (security) engineering principles is hard.

Public policy has important characteristics which divorce it from individual common sense about security.

Political rhetoric focusses on folk belief, common sense and intuition, rather than solid engineering principles. Non-security issues are driving security decisions (including corporate interest, law enforcement interests, military interests).

The four horsemen of the cyber apocalypse used for two decades to justify intrusion.

Persuasion and security questions. How to teach people not to have their security fear buttons pushed.

Matt Blaze, University of Pennsylvania
Folklore

Why (Special Agent) Johnny (Still) Can’t Encrypt (redux)

APCO Project 25 (P25) cryptographic system for first responders.

Serious vulnerabilities in multiple ways, in theory. How often do they cause problems in practice?

Rule #1 of cryptanalysis – look for cleartext.

Ridiculous amount and high security content of cleartext. About 30 minutes of cleartext per day per city.

The problem exists because radio encryption is harder than we think.

After discussions with various agencies there was often a short-term drop in cleartext but then a reversion and even an increase.

The act of paying attention to problems like this can lead to a reduction of security because of misunderstanding.

Institutional memory of the previous generation of analogue radios (encryption reduces quality) is still maintained even though it is completely incorrect for the current systems.