The Hobby Lobby case was an extravagant law suit. Of course religious freedom should have won. There should never have been any question. The problem was not with Hobby Lobby, and it was certainly not about human rights. The problem is with who carries the obligation to enforce those rights.
Consider how this would play out: The government decides to enforce the right to own property by putting businesses in charge of it. Now, businesses are legally required to handle things like evictions and property deeds for their employees. If an employee is robbed, the employer is required to investigate and bring the thief to justice. Oh yeah, and this only applies to full time employees.
Now, considering the following: The government and the majority of Americans establish that adequate medical care is a fundamental human right. The government comes up with a list of medical care related things that every person should have free access to. Now, to enforce this the government does two things. First, it puts enforcement in the charge of for-profit businesses. Businesses are now required to provide their employees with the list of things that every person should have free access to. Now, we cannot forget though, this only applies to full time employees. The second thing the government does is to mandate that anyone who is not a full time employee must pay, out of their own pockets, for insurance. This is great. Now, the government says that adequate medical care is a fundamental human right, so we are forced to enforce this right ourselves on an individual basis. That makes perfect sense. Imagine if this was applied to freedom of speech. If the government tries to shut us up, our only recourse is to fight the government as an individual. Appealing to the law would not be an option, because it is our own problem, not the government's. This applies equally to medical care. The government is pretending to provide what has been established as a fundamental human right by saying that for-profit businesses and individuals have to enforce this right.
The Hobby Lobby case should not have been about religious freedom. That should have been a given. The Hobby Lobby case should have been about responsibility. If the government is not responsible for enforcing human rights, then no one is. Enforcing rights is the purpose of the government. The reason health care has become a problem in the first place is that the existing system, including mandatory benefits and health insurance, is entirely inadequate. Forcing people to subscribe to the current system can hardly be considered enforcing a fundamental human right to adequate medical care. In fact, it is little more than another way for the government to control us and subject us.
The big problem with requiring businesses to enforce human rights is that it forces people to work for them. This is a rather foul case of discrimination against freelancers and business owners. Human rights do not just apply to those who work for someone else. If something is a right, then, by definition, it applies to everybody. Further, allowing businesses to get out of this obligation for part time employees is even worse discrimination against the poor. Clearly, the American lower class does not have the right to adequate health care, based on the precedents set by the law. This also gives businesses far too much power. A business can decide who has the right to adequate medical care merely by setting schedules and employee classification. If my employer does not like my religion, my political ideology, my race, or even my hair color, a simple reduction in hours can change my classification to part time, exempting me from the right to adequate medical care. Even worse, now I am legally required to go buy insurance (which, just for the record, does not provide adequate medical care), even though my pay check just got substantially reduced. Choosing who human rights apply to is not the responsibility of for-profit businesses. In fact, even governments have no business discriminating in this area.
Enforcement of human rights is the job of the government. It is not the job of businesses, and it certainly is not the job of the individual. If individuals have to enforce their own fundamental rights, then the government is obsolete. A government that puts the burden of enforcing human rights on businesses and individuals is lazy and corrupt. If adequate health care is truly a fundamental human right, the government needs to get off of its lazy butt and take care of the problem. This is the government's job. It is not the job of businesses or individuals. Further, if adequate heath care is a human right, it should apply to everyone, not just those who work full time and not just those who are willing and can afford to buy into the system.
Hobby Lobby should never have needed to defend its religious rights. The government never had any business placing the burden of providing a fundamental human right on the business in the first place. There are certainly cases where religious freedom must be balanced with other human rights, but it was entirely wrong of the government to place Hobby Lobby, or any other business, in this position in the first place. Not only could this pitting of religious freedom against the right to adequate health care have easily been avoided, it should have. If the government had done the right thing in the first place, this issue would never have arisen.
27 January 2015
16 January 2015
Collision Avoidance
In networking, there is this idea called collision avoidance. In data networks, information is sometimes transmitted over a medium that is shared by multiple computers. In these circumstances, it is possible that two computers will start transmitting data almost simultaneously, corrupting both data sets. Even if both check to make sure no one else is transmitting, one might start transmitting after the other one, but before it detects the signal. While this is not very common on physical wires since the advent of Ethernet, where hubs, switches, and routers direct the traffic on shared cables, this is still a major concern with wireless networks. While collision detection helps computers know when corrupted data needs to be retransmitted, the ideal solution is collision avoidance, which prevents collisions altogether. Collision avoidance involves communication between computers before sending data, to prevent collisions that would waste network bandwidth.
Collision avoidance is also important outside of the field of networking, and most people use it daily. Maybe you are walking down the hall at work, and you move slightly to the right to avoid walking into another person. At dinner, two people might try to pass condiments to the same person, and one will have to stop and wait for the other. Often this is a perfectly smooth exchange where no communication is necessary. One person gives right-of-way to the other, or both people take measures to avoid collision. Other times, two people might both move in the same direction, maintaining their course of collision with reference to each other, and then some kind of communication must occur (usually a glance and some laughter). It is subtle, but the information communicated in the glance will usually make it clear who is going to do what to avoid the impending collision.
Perhaps one of the most common daily uses of collision avoidance occurs while driving cars. In general, if we follow all traffic laws, we will avoid collisions, but there are some cases where this is not true. The most notable one is where two people approach a 4-way intersection from opposite sides, and stop simultaneously. If they do not stop at the same time, the law says the rule is first-come-first-served. If they are not opposite from each other, the law says the guy to the right gets to go first. In a situation where there is complete symmetry, however, there is no rule sufficient to prevent collision. In fact, there is not even a way of distinguishing which car is which (even if you say ,"the bigger vehicle goes first," what if they are the same make, model, year, color, etc...). This is one case where communication is necessary for collision avoidance. Sometimes one car will communicate its intent to go first by inching forward. This does not always work, as both may try this tactic, but it often does. By far, the most common communication I have seen is the wave. One car will wave the other to go first. Whoever waves first goes last. For this situation, this form of collision avoidance is pretty good. The wave is a common collision avoidance communication for almost all instances where collision avoidance is necessary in traffic.
Now, here is what I actually want to talk about: the misuse of collision avoidance. Sadly, this is almost as common as using collision avoidance legitimately in traffic, but instead it actually increases the risk of collision. Sometimes, at an intersection, one car will clearly stop before the other (in fact, I deliberately regulate my speed when approaching intersections to make sure it is clear who stopped first). When this happens, the law states that the first car to stop goes first. Sometimes though, the guy who stopped first will "be polite" and wave the other driver on. This results in a dilemma. The waver has essentially signaled that he is forfeiting his right-of-way. Unfortunately, the law does not recognize this, and it still states that the first to stop is the first to go. Now, assuming there are no extenuating circumstances (maybe the waver's car just stalled, and he cannot get it to start again), the second driver has to decide to either break the law or wait until the other driver gives up and goes. This can, and has, caused accidents, as both drivers give up waiting at the same time and crash right into each other. The worst part is that the fault is legally attributed to the second driver, even though the first told her to go!
Far from polite, waving someone on when it is not their turn is rude and dangerous, not to mention invalid. If you have the right-of-way take it. If there is some reason you cannot, then you should probably turn your hazard lights on. The only time collision avoidance is valid is when there is enough ambiguity that there is an actual risk of a collision. If you really do not want to go first, the start slowing down sooner, so you do not stop first. Do not tell people to break the law. Do not waste other people's time by waiting for them to go when you clearly have the right-of-way. Certainly do not endanger other people's well being in a lame attempt to be polite.
Collision avoidance is also important outside of the field of networking, and most people use it daily. Maybe you are walking down the hall at work, and you move slightly to the right to avoid walking into another person. At dinner, two people might try to pass condiments to the same person, and one will have to stop and wait for the other. Often this is a perfectly smooth exchange where no communication is necessary. One person gives right-of-way to the other, or both people take measures to avoid collision. Other times, two people might both move in the same direction, maintaining their course of collision with reference to each other, and then some kind of communication must occur (usually a glance and some laughter). It is subtle, but the information communicated in the glance will usually make it clear who is going to do what to avoid the impending collision.
Perhaps one of the most common daily uses of collision avoidance occurs while driving cars. In general, if we follow all traffic laws, we will avoid collisions, but there are some cases where this is not true. The most notable one is where two people approach a 4-way intersection from opposite sides, and stop simultaneously. If they do not stop at the same time, the law says the rule is first-come-first-served. If they are not opposite from each other, the law says the guy to the right gets to go first. In a situation where there is complete symmetry, however, there is no rule sufficient to prevent collision. In fact, there is not even a way of distinguishing which car is which (even if you say ,"the bigger vehicle goes first," what if they are the same make, model, year, color, etc...). This is one case where communication is necessary for collision avoidance. Sometimes one car will communicate its intent to go first by inching forward. This does not always work, as both may try this tactic, but it often does. By far, the most common communication I have seen is the wave. One car will wave the other to go first. Whoever waves first goes last. For this situation, this form of collision avoidance is pretty good. The wave is a common collision avoidance communication for almost all instances where collision avoidance is necessary in traffic.
Now, here is what I actually want to talk about: the misuse of collision avoidance. Sadly, this is almost as common as using collision avoidance legitimately in traffic, but instead it actually increases the risk of collision. Sometimes, at an intersection, one car will clearly stop before the other (in fact, I deliberately regulate my speed when approaching intersections to make sure it is clear who stopped first). When this happens, the law states that the first car to stop goes first. Sometimes though, the guy who stopped first will "be polite" and wave the other driver on. This results in a dilemma. The waver has essentially signaled that he is forfeiting his right-of-way. Unfortunately, the law does not recognize this, and it still states that the first to stop is the first to go. Now, assuming there are no extenuating circumstances (maybe the waver's car just stalled, and he cannot get it to start again), the second driver has to decide to either break the law or wait until the other driver gives up and goes. This can, and has, caused accidents, as both drivers give up waiting at the same time and crash right into each other. The worst part is that the fault is legally attributed to the second driver, even though the first told her to go!
Far from polite, waving someone on when it is not their turn is rude and dangerous, not to mention invalid. If you have the right-of-way take it. If there is some reason you cannot, then you should probably turn your hazard lights on. The only time collision avoidance is valid is when there is enough ambiguity that there is an actual risk of a collision. If you really do not want to go first, the start slowing down sooner, so you do not stop first. Do not tell people to break the law. Do not waste other people's time by waiting for them to go when you clearly have the right-of-way. Certainly do not endanger other people's well being in a lame attempt to be polite.
06 January 2015
Conservatism and Conservationism
Conservatism is an ideal of resistance to change. In politics, it is typically realized by an avoidance of rapid change and an analytical approach to slow change, to ensure that each change is beneficial. Of course, actual conservative political parties differ dramatically in how they approach this, and in many cases, they add to their platform things that are not even remotely related to the political ideology.
Conservatism in politics has some weaknesses. Sometimes rapid changes are necessary. As things beyond human control change and we learn more about the Earth and science, we will sometimes come across new things that alter how we think and react to what is around us. This can require quick decision making to adapt appropriately. Conservatism is not very good at these fast reactions. Extreme conservatism has another weakness. Extreme conservatism resists all change, to the point of resisting changes that have already been made. As the world changes, extreme conservatism would ignore those changes, even if it brings suffering. Conservatism has a strength in avoiding hasty decisions that could bring disaster, but it also has weaknesses when change is necessary and urgent. Conservatism extends far beyond general politics though.
Conservationism is a far more focused type of conservatism. Conservationism is also an instance of extreme conservatism. The goal of conservationism is to prevent environmental changes. If there is a forest where a certain kind of bird lives, conservationism advocates for leaving the forest alone, even if it has a huge amount of value as a natural resource. Conservationism prominently opposes human changes to the environment, but it also tends to oppose natural changes, where the effect is perceived as negative. Conservationism has been very valuable in preventing environmental destruction. Conservationism is why we have not over fished some types of fish to extinction. It has saved countless endangered species. It has protected many areas that have more value the way they are than the way humans would have made them. It also almost destroyed the ancient Redwood forest in California. In fact, conservationism has almost destroyed a lot of valuable natural resources.
Conservationism suffers from the same weakness as general conservatism. It does not adapt well. Sometimes change is inevitable. Habitats naturally change over time. We are beginning to see problems arise from preventing these changes in the name of conservationism. One of the most prominent examples is the great Redwood forest in California. This forest almost burned to the ground because conservationists prevented natural fires in the forest for many years. This seems counterintuitive, but it is totally real. Redwood trees have fire resistant trunks, but their foliage is vulnerable. Normally, natural fires would cull the underbrush in the forest regularly, only touching the resistant trunks of the huge trees. After many years of preventing these fires, the brush got so high that the next fire started to reach the vulnerable foliage. Fortunately the situation was contained, but we almost lost a beautiful natural resource in our zeal to protect it from change.
The Redwood forest is not the only case where conservationism did more harm than good. So called "invasive species" are often more helpful than bad. Sometimes they do significant damage to ecosystems, but more frequently they fill empty niches, increasing diversity and robustness of the ecosystem. Preventing invasive species from propagating into ecosystems that are already weak can allow damage to occur that the foreign organism could have prevented. Studies over the last decade have shown that invasive species are good far more often than they are harmful. Similarly, ecosystems that might naturally change have been prevented from doing so in the name of conservationism for many years, but when they eventually finally changed in spite of human resistance, ecologists discovered that the changes created new habitats for animals that were once thought to be extinct. They also learned more about the history of those areas. Far more value was realized in allowing nature to take it course than was ever added by the conservation efforts. Conservationism has great value, but its weaknesses should not be underestimated. Radical conservationism can cause more damage than just allowing nature to takes it course. Sometimes change is just necessary, and human efforts to prevent it will cost a lot of resources, but nature will still eventually win.
The ironic part about conservatism and conservationism is that in the U.S. political arena, they are opposing forces. It turns out that humans are naturally conservative. Political conservatives choose one outlet for this, while conservationists (who are more often politically liberal) choose another. Really though, political conservatism and conservationism are different aspects of the same thing. Conservatives being anti-conservation is rather hypocritical. Likewise, liberals being pro-conservation is also hypocritical. Overall though, there is no reason for conservationism to be politically divided at all. We could use voices from both sides guiding how we conserve resources and the environment, because that would help to mitigate the weaknesses of conservationism. What we don't need is to halt the course of nature in ways that will prove harmful.
Conservatism in politics has some weaknesses. Sometimes rapid changes are necessary. As things beyond human control change and we learn more about the Earth and science, we will sometimes come across new things that alter how we think and react to what is around us. This can require quick decision making to adapt appropriately. Conservatism is not very good at these fast reactions. Extreme conservatism has another weakness. Extreme conservatism resists all change, to the point of resisting changes that have already been made. As the world changes, extreme conservatism would ignore those changes, even if it brings suffering. Conservatism has a strength in avoiding hasty decisions that could bring disaster, but it also has weaknesses when change is necessary and urgent. Conservatism extends far beyond general politics though.
Conservationism is a far more focused type of conservatism. Conservationism is also an instance of extreme conservatism. The goal of conservationism is to prevent environmental changes. If there is a forest where a certain kind of bird lives, conservationism advocates for leaving the forest alone, even if it has a huge amount of value as a natural resource. Conservationism prominently opposes human changes to the environment, but it also tends to oppose natural changes, where the effect is perceived as negative. Conservationism has been very valuable in preventing environmental destruction. Conservationism is why we have not over fished some types of fish to extinction. It has saved countless endangered species. It has protected many areas that have more value the way they are than the way humans would have made them. It also almost destroyed the ancient Redwood forest in California. In fact, conservationism has almost destroyed a lot of valuable natural resources.
Conservationism suffers from the same weakness as general conservatism. It does not adapt well. Sometimes change is inevitable. Habitats naturally change over time. We are beginning to see problems arise from preventing these changes in the name of conservationism. One of the most prominent examples is the great Redwood forest in California. This forest almost burned to the ground because conservationists prevented natural fires in the forest for many years. This seems counterintuitive, but it is totally real. Redwood trees have fire resistant trunks, but their foliage is vulnerable. Normally, natural fires would cull the underbrush in the forest regularly, only touching the resistant trunks of the huge trees. After many years of preventing these fires, the brush got so high that the next fire started to reach the vulnerable foliage. Fortunately the situation was contained, but we almost lost a beautiful natural resource in our zeal to protect it from change.
The Redwood forest is not the only case where conservationism did more harm than good. So called "invasive species" are often more helpful than bad. Sometimes they do significant damage to ecosystems, but more frequently they fill empty niches, increasing diversity and robustness of the ecosystem. Preventing invasive species from propagating into ecosystems that are already weak can allow damage to occur that the foreign organism could have prevented. Studies over the last decade have shown that invasive species are good far more often than they are harmful. Similarly, ecosystems that might naturally change have been prevented from doing so in the name of conservationism for many years, but when they eventually finally changed in spite of human resistance, ecologists discovered that the changes created new habitats for animals that were once thought to be extinct. They also learned more about the history of those areas. Far more value was realized in allowing nature to take it course than was ever added by the conservation efforts. Conservationism has great value, but its weaknesses should not be underestimated. Radical conservationism can cause more damage than just allowing nature to takes it course. Sometimes change is just necessary, and human efforts to prevent it will cost a lot of resources, but nature will still eventually win.
The ironic part about conservatism and conservationism is that in the U.S. political arena, they are opposing forces. It turns out that humans are naturally conservative. Political conservatives choose one outlet for this, while conservationists (who are more often politically liberal) choose another. Really though, political conservatism and conservationism are different aspects of the same thing. Conservatives being anti-conservation is rather hypocritical. Likewise, liberals being pro-conservation is also hypocritical. Overall though, there is no reason for conservationism to be politically divided at all. We could use voices from both sides guiding how we conserve resources and the environment, because that would help to mitigate the weaknesses of conservationism. What we don't need is to halt the course of nature in ways that will prove harmful.
05 January 2015
Misuse of Technology
Within the last few years, some of the most potentially useful technology for medical use has gained wide popularity, especially among teens. E-Cigarettes have become more popular than traditional cigarettes among teens in the U.S. These high tech cigarette replacements vaporize water containing nicotine and sometimes flavorings or aromas, for inhalation. They are safer than traditional cigarettes which also contain tobacco tar, toluene, and other dangerous substances, but there is no evidence that e-cigarettes are any less addictive than traditional tobacco. This is a shameful and stigmatizing use of a technology that could be very valuable in modern medicine.
Many types of medication have been found to be more potent and effective when inhaled as a vapor. Several anti-histamines are commonly administered as a nasal spray to take advantage of the ability of mucous membranes to absorb medications quickly. Inhaled medications (steroid vapors, for instance) are an essential part of long term asthma treatment. In theory, many other kinds of medications could benefit from a vapor delivery system. The problem now, however, is that every e-cigarette will be assumed to be charged with nicotine. The most valuable uses of these devices will stigmatize patients, and they will like be banned from schools and similar public places, regardless of their medical value. A track record of this has already been established in a few instances where insulin was banned in certain public schools, because the hypodermic needles used in administering the life sustaining drug are the same as needles used in administering heroin. E-Cigarettes are likely to share the same fate, only this time, the medical industry as a whole may choose to avoid the use of this incredibly valuable technology, because its first public use was to administer nicotine.
E-Cigarettes are some awesome technology, and they could easily be the realization of futuristic drug administration, for completely legitimate pharmaceuticals. They could make a number of vapor born drugs that are currently difficult to administer easier and cheaper to use. E-Cigarettes might even use useful as an alternative means of administering certain vaccines. These devices should be the next medical break through. Vapor administration of legitimate pharmaceuticals could be easier and safer than current means, and we should be taking advantage of this technology for something good.
Many types of medication have been found to be more potent and effective when inhaled as a vapor. Several anti-histamines are commonly administered as a nasal spray to take advantage of the ability of mucous membranes to absorb medications quickly. Inhaled medications (steroid vapors, for instance) are an essential part of long term asthma treatment. In theory, many other kinds of medications could benefit from a vapor delivery system. The problem now, however, is that every e-cigarette will be assumed to be charged with nicotine. The most valuable uses of these devices will stigmatize patients, and they will like be banned from schools and similar public places, regardless of their medical value. A track record of this has already been established in a few instances where insulin was banned in certain public schools, because the hypodermic needles used in administering the life sustaining drug are the same as needles used in administering heroin. E-Cigarettes are likely to share the same fate, only this time, the medical industry as a whole may choose to avoid the use of this incredibly valuable technology, because its first public use was to administer nicotine.
E-Cigarettes are some awesome technology, and they could easily be the realization of futuristic drug administration, for completely legitimate pharmaceuticals. They could make a number of vapor born drugs that are currently difficult to administer easier and cheaper to use. E-Cigarettes might even use useful as an alternative means of administering certain vaccines. These devices should be the next medical break through. Vapor administration of legitimate pharmaceuticals could be easier and safer than current means, and we should be taking advantage of this technology for something good.
03 January 2015
Account Proliferation
Now days, when you get a job in an industry that pays half decent wages, they typically require you to setup an account with some web services. Maybe it's Dropbox. Perhaps it is Google. One is probably a project or schedule management tool. There are also plenty of job specific services you might need. For software development, you will probably need an account with Github or some other software subversion repository. Just to get a decent job, you typically need at least a Facebook account and a LinkedIn account. If you change jobs, your new job will probably use a slightly different set of services, requiring you to setup several more accounts. During your lifetime, you may go through 5 or 6 jobs (and that number seems to be increasing). If each job requires you to sign up for 3 different web services, you will have 15 to 18 of them by you retire. You will probably forget about at least half of them. Most of the other half will be useless to a retiree
If you decide to get a college degree, you will also see this problem. Your English teacher will probably expect you to sign up for an account with an anti-plagiarism service. Your math teacher might encourage you to sign up for a free tutoring service, and advanced math teachers will want you to get an account with some company so you can get the student edition of their math software for cheap or free (and then you will be stuck only knowing how to use an extremely expensive piece of proprietary software; that's another discussion). Many teachers like file repository software like Dropbox, but every teacher likes something different, so expect to be required to sign up for 2 to 4 of these services (or more, depending on the major). There are also major specific services you may need. For Computer Science, you will probably be expected to get a Github account and maybe an Amazon Web Services account. For any kind of art related major, you can expect to sign up for an account with at least one website that serves as an art repository and gallery, like Deviant Art or Flickr. You may also be expected to get an account with some popular art forum (though, again, different teachers will prefer different options). In Electric Engineering, you will probably be expected to sign up for an account with at least one company that produces complex components like micro-controllers, for access to programming libraries, tutorials, and datasheets. In Physical Education or any other health related discipline, you will probably need accounts for various medical sites, maybe a few forums, and possibly some nutritional data repositories. Communications majors will likely be required to sign up for at least 20 accounts, including social media services, web forums, and even advertising services. Depending on your major, you could end up with 5 or 10 more accounts. Now, admittedly, some of them will be necessary for your jobs when you graduate, but again, while there is some overlap, it is very common for different employers to use different services. As before, probably at least half of them will be useless once you graduate.
Now, this might seem like a trivial and benign problem. Unfortunately, it is not. There are many problems this causes. The least harmful is the extra space taken up by unused accounts. Every account for a web service uses some amount of storage space. There are already a huge number of unused accounts spread over the internet, wasting a lot of space. This is fairly easily mitigated though. Service providers can delete accounts that have been inactive for a certain period of time. If they want to keep the accounts open, just in case, they can buy more storage space, and when the cost is spread out among a large number of services, it can seem pretty small. This is a problem, but it is not a critical one.
A worse problem is privacy. If you have 20 accounts with different web services, you have probably already forgotten about half of them, unless you use them all very regularly. All of those accounts hold some amount of your private information. I'll discuss the security related things later, but for now, let us look at information that could be misused, but which is not a critical security risk. The first, and most obvious one is credit card information. Skirting around the subject of security (you did willingly give this information to these services), credit card data can be used in many ways. It could be used to run credit checks. It could be used to track you and your purchasing behavior. Some of this is easy, some is more difficult, but a lot of this is possible and legal if you willingly gave the company your information. Your physical address, phone numbers, and email address are all private information that could be misused without breaking the law, if you provided them willingly. Some of these services might suddenly decide to start sending you ads a few years down the road, when their business is struggling. You might get junk mail and telemarketing calls as well. If one of these services is bought out, the buyer might decide to sell your personal information (not necessarily legal, if the original company agreed not to, but it happens anyway). This is not necessarily a critical problem, but it could definitely cause a lot of inconvenience.
The worst problem is security. We have discussed legitimate abuse of private information and some illegitimate abuse that is only indirectly related to security. Security itself is not just about abuse by the service provider though. The more accounts you have, the higher the odds are that at least one provider has poor security. In fact, a majority of web services use security that is well below the accepted security standards for web. Even something as simple as how your password is stored on their server can make a huge difference. It is a well known fact that a vast majority of people use the same password or small set of passwords for all of their accounts. If a hacker can get your password from the most trivial site, he can probably use it to hack into all of your other accounts. If you have 10 or 20 different accounts, the odds that one of them has fairly weak security is very high. All it takes is one. The more accounts you have, the worse your odds are for getting hacked on all of your accounts. This can give an attacker access to all of the private information you have on all of your accounts. And, hackers do not have business ethics, high legal liability, and high profiles like the service providers do, so they are far less likely to avoid abuses of your data. In fact, this is one of the most common techniques used by identity thieves to get your private information. They don't have to hack into your bank. They just have to hack into that Sony account to get your password, which they can then use to log into your bank account with ease, regardless of your bank's security.
There are ways to mitigate all of these. The first is up to the service providers, and it only affects end users by increasing the prices of paid services. The second can be mitigated by researching service providers before signing up for accounts (though, your employer or professor may still insist) and by asking for service providers to cancel your accounts and delete your information when you are done using them. There is no law stating that they have to comply (this may be in the works though), and in some cases, the law may even require them to retain records, but many providers will comply when they can legally do so. The third can be mitigated by always using different usernames and passwords for every account. Good luck with this though. Password managers can help, but they just shift the point of weakness. Remembering 20 passwords is extremely difficult, so you may be tempted to write them all down, but that is often worse than a password manager. Using one really good password can also help a little, but if someone hacks the service provider's database, it will not matter how good your password is. The only fool proof solution is to have 20 highly secure and totally different passwords, and then to memorize them all. Like I said, good luck.
This is actually a pretty big problem. A lot of people in positions of authority think it is appropriate to impose security risks on other people, without any accountability. If an employer or professor requires you to use an insecure service, there is no responsibility for harm caused if your information is misused. If you do your research and find that a certain service is a high risk, typically your only option will be to quit your job or drop the class. If the class is required for your major, you might have to switch majors to avoid the security risk. If you are lucky, you might find sympathy, but often people are so set in their ways that they will risk the safety of everyone else to avoid change. This is a very serious problem, and anyone involved in perpetuating it should seriously consider the consequences.
I understand that many times, the use of web services is valuable and even necessary. This does not justify putting others at risk though. Those choosing what services to use, and those approving such decisions, have a moral responsibility to make sure that those services meet accepted security standards. Those being required to use such services should also make sure they meet accepted standards, and when they do not, those people should band together in protest. Frankly, I think colleges should regulate what services professors are allowed to make mandatory. If a professor needs a file repository service, the school should provide an option that it has verified as compliant with accepted security standards. The school does not need to run the service (in fact, in my experience colleges are often poor at running such services internally). It just needs to have a standard in place. If a professor chooses to use a service that is outside of school policy, there should a policy specifically exempting students from being required to use that service as a condition of their grade (and the professor should be required to notify students of this policy wherever such a service is used). In other words, use of such a service should be optional, and students should not be expected to have any knowledge or understanding of course material that is offered only through unapproved services (note that this article is about services that require accounts, not free services that do not require accounts). (Obviously, colleges doing this should also have an approval procedure to add services to the list.) Businesses would do well to also adopt policies requiring security assessments of any service that is required as part of the job, and no service which has not passed such an assessment should be allowed to be used as a mandatory part of the work. In short, people in positions of authority over others should have some sort of regulations set in place to avoid putting their subordinates at risk. Sometimes such regulations will fail (even following accepted security standards does not make a site immune to hacking, just much more resistant), but this is not an excuse to avoid them altogether. No one should be allowed to put someone else at undue risk as a condition of their education or employment without any accountability.
If you decide to get a college degree, you will also see this problem. Your English teacher will probably expect you to sign up for an account with an anti-plagiarism service. Your math teacher might encourage you to sign up for a free tutoring service, and advanced math teachers will want you to get an account with some company so you can get the student edition of their math software for cheap or free (and then you will be stuck only knowing how to use an extremely expensive piece of proprietary software; that's another discussion). Many teachers like file repository software like Dropbox, but every teacher likes something different, so expect to be required to sign up for 2 to 4 of these services (or more, depending on the major). There are also major specific services you may need. For Computer Science, you will probably be expected to get a Github account and maybe an Amazon Web Services account. For any kind of art related major, you can expect to sign up for an account with at least one website that serves as an art repository and gallery, like Deviant Art or Flickr. You may also be expected to get an account with some popular art forum (though, again, different teachers will prefer different options). In Electric Engineering, you will probably be expected to sign up for an account with at least one company that produces complex components like micro-controllers, for access to programming libraries, tutorials, and datasheets. In Physical Education or any other health related discipline, you will probably need accounts for various medical sites, maybe a few forums, and possibly some nutritional data repositories. Communications majors will likely be required to sign up for at least 20 accounts, including social media services, web forums, and even advertising services. Depending on your major, you could end up with 5 or 10 more accounts. Now, admittedly, some of them will be necessary for your jobs when you graduate, but again, while there is some overlap, it is very common for different employers to use different services. As before, probably at least half of them will be useless once you graduate.
Now, this might seem like a trivial and benign problem. Unfortunately, it is not. There are many problems this causes. The least harmful is the extra space taken up by unused accounts. Every account for a web service uses some amount of storage space. There are already a huge number of unused accounts spread over the internet, wasting a lot of space. This is fairly easily mitigated though. Service providers can delete accounts that have been inactive for a certain period of time. If they want to keep the accounts open, just in case, they can buy more storage space, and when the cost is spread out among a large number of services, it can seem pretty small. This is a problem, but it is not a critical one.
A worse problem is privacy. If you have 20 accounts with different web services, you have probably already forgotten about half of them, unless you use them all very regularly. All of those accounts hold some amount of your private information. I'll discuss the security related things later, but for now, let us look at information that could be misused, but which is not a critical security risk. The first, and most obvious one is credit card information. Skirting around the subject of security (you did willingly give this information to these services), credit card data can be used in many ways. It could be used to run credit checks. It could be used to track you and your purchasing behavior. Some of this is easy, some is more difficult, but a lot of this is possible and legal if you willingly gave the company your information. Your physical address, phone numbers, and email address are all private information that could be misused without breaking the law, if you provided them willingly. Some of these services might suddenly decide to start sending you ads a few years down the road, when their business is struggling. You might get junk mail and telemarketing calls as well. If one of these services is bought out, the buyer might decide to sell your personal information (not necessarily legal, if the original company agreed not to, but it happens anyway). This is not necessarily a critical problem, but it could definitely cause a lot of inconvenience.
The worst problem is security. We have discussed legitimate abuse of private information and some illegitimate abuse that is only indirectly related to security. Security itself is not just about abuse by the service provider though. The more accounts you have, the higher the odds are that at least one provider has poor security. In fact, a majority of web services use security that is well below the accepted security standards for web. Even something as simple as how your password is stored on their server can make a huge difference. It is a well known fact that a vast majority of people use the same password or small set of passwords for all of their accounts. If a hacker can get your password from the most trivial site, he can probably use it to hack into all of your other accounts. If you have 10 or 20 different accounts, the odds that one of them has fairly weak security is very high. All it takes is one. The more accounts you have, the worse your odds are for getting hacked on all of your accounts. This can give an attacker access to all of the private information you have on all of your accounts. And, hackers do not have business ethics, high legal liability, and high profiles like the service providers do, so they are far less likely to avoid abuses of your data. In fact, this is one of the most common techniques used by identity thieves to get your private information. They don't have to hack into your bank. They just have to hack into that Sony account to get your password, which they can then use to log into your bank account with ease, regardless of your bank's security.
There are ways to mitigate all of these. The first is up to the service providers, and it only affects end users by increasing the prices of paid services. The second can be mitigated by researching service providers before signing up for accounts (though, your employer or professor may still insist) and by asking for service providers to cancel your accounts and delete your information when you are done using them. There is no law stating that they have to comply (this may be in the works though), and in some cases, the law may even require them to retain records, but many providers will comply when they can legally do so. The third can be mitigated by always using different usernames and passwords for every account. Good luck with this though. Password managers can help, but they just shift the point of weakness. Remembering 20 passwords is extremely difficult, so you may be tempted to write them all down, but that is often worse than a password manager. Using one really good password can also help a little, but if someone hacks the service provider's database, it will not matter how good your password is. The only fool proof solution is to have 20 highly secure and totally different passwords, and then to memorize them all. Like I said, good luck.
This is actually a pretty big problem. A lot of people in positions of authority think it is appropriate to impose security risks on other people, without any accountability. If an employer or professor requires you to use an insecure service, there is no responsibility for harm caused if your information is misused. If you do your research and find that a certain service is a high risk, typically your only option will be to quit your job or drop the class. If the class is required for your major, you might have to switch majors to avoid the security risk. If you are lucky, you might find sympathy, but often people are so set in their ways that they will risk the safety of everyone else to avoid change. This is a very serious problem, and anyone involved in perpetuating it should seriously consider the consequences.
I understand that many times, the use of web services is valuable and even necessary. This does not justify putting others at risk though. Those choosing what services to use, and those approving such decisions, have a moral responsibility to make sure that those services meet accepted security standards. Those being required to use such services should also make sure they meet accepted standards, and when they do not, those people should band together in protest. Frankly, I think colleges should regulate what services professors are allowed to make mandatory. If a professor needs a file repository service, the school should provide an option that it has verified as compliant with accepted security standards. The school does not need to run the service (in fact, in my experience colleges are often poor at running such services internally). It just needs to have a standard in place. If a professor chooses to use a service that is outside of school policy, there should a policy specifically exempting students from being required to use that service as a condition of their grade (and the professor should be required to notify students of this policy wherever such a service is used). In other words, use of such a service should be optional, and students should not be expected to have any knowledge or understanding of course material that is offered only through unapproved services (note that this article is about services that require accounts, not free services that do not require accounts). (Obviously, colleges doing this should also have an approval procedure to add services to the list.) Businesses would do well to also adopt policies requiring security assessments of any service that is required as part of the job, and no service which has not passed such an assessment should be allowed to be used as a mandatory part of the work. In short, people in positions of authority over others should have some sort of regulations set in place to avoid putting their subordinates at risk. Sometimes such regulations will fail (even following accepted security standards does not make a site immune to hacking, just much more resistant), but this is not an excuse to avoid them altogether. No one should be allowed to put someone else at undue risk as a condition of their education or employment without any accountability.
Subscribe to:
Posts (Atom)