
Single Point or Continuum



A couple of weeks ago, I posted a blog entry here about the thin line between a security researcher and “cracker”.  About how the difference between “good guy” and “bad guy” gets blurred by things like corporate bounties for zero-day exploits and law enforcement’s ideas on criminal prosecution.  There’s another element to be considered as well.


Here’s the thing.  Whosoever gets their story out there first has some lead time to shape hearts and minds.  The “Feds” are never EVER going to be first at this.  They don’t GAF about hearts and minds, they care about facts and evidence.  So when they finally speak up, it means they have something that will hold up in court.  This can take months, possibly even years, and by the time they finally DO speak up, there’s going to be a sh*tstorm of public opinion to deal with.  So nobody will believe them, because they didn’t put the time in on the PR side.  Because their job is to enforce the laws, not to make you feel all warm and fuzzy while they do it.

But as observers in the court of opinion, we don’t really *know*, do we? Anyone who has been in a tight moral spot can empathize with the researcher, can understand that they might have been stepping outside the box in order to get a security issue taken seriously.  But on the other hand, we have the authorities eventually speaking up and saying “Well, actually…”  Could both sides be lying?  Absolutely.  Could both sides be telling the truth?  After a fashion (once you start getting terminology clarified).

And when we run into a disconnect like this one, this is where our trust breaks down.  This is where we have a step across the line that might be a bit too much, too far.  A “white hat” hacker trying to ensure a security hole is fixed, possibly trying to do the “right thing”, but the story as it continues to unfold suggests that the “right thing” put lives in danger.  Not in the “I’m going to take you all down with me Mouhouhahaha” kind of danger, but the “Hey Ma, look, no hands!” kind of danger, where a situation itself is high-risk even if the intentions are benign.

And in the meantime it serves to reinforce the idea that hackers of any color hat are dangerous.  They can lay hands on the keys to the city and cannot wholly be trusted not to use them.  Their own moral compass (or thirst for knowledge, or love of puzzle-solving) may drive them to act for the greater good, circumventing much slower corporate processes but endangering lives (or personal information, or your nest egg) in the process.

Not today, but tomorrow.




Pre-crime is coming.  Actually, pre-crime has been here for half a century, but nobody’s really noticed yet (and, truth be told, a great many people will still never notice until it bites them in the *ss).

Take credit scores, as an example.  Your score is based on your history.  They look at your reliability, your f*ckups, your open credit lines, your possible debt (if you go all hog-wild and blow your remaining open balance on thousand dollar whiskey and strippers, for example).  They analyse your past behavior to determine your future behavior.  Because people tend to fall into a rut.  We fall into a pattern.

The JP Morgan algorithm is doing much the same thing.  It’s looking, not for a single f*ckup, but for a pattern of behavior (which is funny, since “Past performance is not a guarantee or indicator of future performance.” is typed neatly at the bottom of every brokerage account statement for every brokerage firm *everywhere*).  Those patterns of behavior used to be the purview of the managers, the Branch Admins whose job it was to keep an eye on all the transactions that went in and out.  Once upon a time, it was a big job.  Once the internet became a THING, it became an almost impossible job.

And who among you is not going to feel better knowing that your banker or broker has another layer of control on them to make sure they don’t blow all your savings on a trip to Tahiti?

And how many of you, who held your hand up just now, are going to complain when those same algorithms are applied to YOUR jobs?  In retail, in concessions, in any company where you have a lot of employees and a lot of opportunities, this thing is going to find a home.