January 18, 2025

Posts Comments

A Roadmap for Forgers

September 28, 2004 by

In the recent hooha about CBS and the forged National Guard memos, one important issue has somehow been overlooked – the impact of the memo discussion on future forgery. There can be no doubt that all the talk about proportional typefaces, superscripts, and kerning will prove instructive to would-be amateur forgers, who will know not to repeat the mistakes of the CBS memos’ forger. Who knows, some amateur forgers may even figure out that if you want a document to look like it came from a 1970s Selectric typewriter, you should type it on a 1970s Selectric typewriter. The discussion, in other words, provides a kind of roadmap for would-be forgers.

This kind of tradeoff, between open discussion and future security worries, is common with information security issues – and this is a infosecurity issue, since it has to do with the authenticity of records. Any discussion of the pros and cons of a particular security system or artifact will inevitably reveal information useful to some hypothetical bad guy.

Nobody would dream of silencing the CBS memos’ critics because of this; and CBS would have been a laughingstock had it tried to shut down the discussion by asserting future forgery fears. But in more traditional infosecurity applications, one hears such arguments all the time, especially from the companies that, like CBS, face embarrassment if the facts are disclosed.

What’s true with CBS is true elsewhere in the security world. Disclosure teaches the public the truth about the situation at hand (in this case the memos), a benefit that shouldn’t be minimized. Even more important, disclosure deters future sloppiness – you can bet that CBS and others will be much more careful in the future. (You might think that the industry should police itself so that such deterrents aren’t necessary; but experience teaches otherwise.)

My sense is that it’s only the remote and mysterious nature, for most people, of cybersecurity that allows the anti-disclosure arguments to get traction. If people thought about most cybersecurity problems in the same way they think about the CBS memos, the cybersecurity disclosure argument would be much healthier.

Filed Under: Uncategorized Tagged With:

Conservative Group Takes Conservative Position on Induce Act

September 27, 2004 by

The American Conservative Union, an influential right-wing group, has announced its opposition to the Induce Act, and is running ads criticizing those Republicans who support the Act. This should not be surprising, for opposition to the Act is a natural position for true conservatives, who oppose government regulation of technology products and support a competitive marketplace for technology and entertainment.

One sometimes hears the claim that conservatives should support the Induce Act, because that’s what big business wants. But thoughtful conservatives support free markets, not giveaways to specific business sectors. And conservatives who understand the economy know that the Induce Act is supported by a few businesses, but opposed by many more, and that the opponents – the computer, electronics, Internet, and software industries – account for a larger and more dynamic portion of the economy than the supporters do.

The Induce Act is a nice litmus test for self-described conservative lawmakers. They can support the Act, and confirm the criticism that conservatism is just a fig-leaf for corporate welfare. Or they can oppose the Act and confirm their own claims to stand for competition and the free market.

The ACU sees this choice for what it is, and opposes the Induce Act. Let’s hope that more conservatives join them.

Filed Under: Uncategorized Tagged With:

The Least Objectionable Content Labeling System

September 24, 2004 by

Today I’ll wrap up Vice Week here at Freedom to Tinker with an entry on porn labeling. On Monday I agreed with the conventional wisdom that online porn regulation is a mess. On Tuesday I wrote about what my wife and I do in our home to control underage access to inappropriate material. Today, I’ll suggest a public approach to online porn that might possibly do a little bit of good. And as Seth Finkelstein (a.k.a. Eeyore, a.k.a. The Voice of Experience) would probably say, a little bit of good is the best one can hope for on this issue. My approach is similar to one that Larry Lessig sketched in a recent piece in Wired.

My proposal is to implement a voluntary labeling scheme for Web content. It’s voluntary, because we can’t force overseas sites to comply, so we might as well just ask people politely to participate. Labeling schemes tend not to be adopted if the labels are complicated, or if the scheme requires all sites to be labeled. So I’ll propose the simplest possible labels, in a scheme where the vast majority of sites need no labels at all.

The idea is to create a label, which I’ll call “adultsonly” (Lessig calls it “porn” but I think that’s imprecise). Putting the adultsonly tag on a page indicates that the publisher requests that the page be shown only to adults. And that’s all it means. There’s no official rule about when material should be labeled, and no spectrum of labels. It’s just the publisher’s judgment as to whether the material should be shown to kids. You could label an entire page by adding to it an adultsonly meta-tag; or you could label a portion of a page by surrounding it with “adultsonly” and “/adultsonly” tags. This would be easy to implement, and it would be backward compatible since browsers ignore tags that they don’t understand. Browsers could include a kids-mode that would hide all adultsonly material.

But where, you ask, is the incentive for web site publishers to label their racy material as adultsonly? The answer is that we create that incentive by decreeing that although material published on the open Internet is normally deemed as having been made available to kids, any material labeled as adultsonly will be deemed as having been made available only to adults. So by labeling its content, a publisher can ensure that the content’s First Amendment status is determined by the standard obscenity-for-adults test, rather than the less permissive obscenity-for-kids test. (I’m assuming that such tests will exist and their nature will be determined by immovable politico-legal forces.)

This is a labeling scheme that even a strict libertarian might be able to love. It’s simple and strictly voluntary, and it doesn’t put the government in the business of establishing fancy taxonomies of harmful content (beyond the basic test for obscenity, which is in practice unchangeable anyway). It’s more permissive of speech than the current system, at least if that speech is labeled. This is, I think, the least objectionable content labeling system possible.

Filed Under: Uncategorized Tagged With:

Bots Play Backgammon Too

September 23, 2004 by

Responding to my entry yesterday about pokerbots, Jordan Lampe emails a report from the world of backgammon. Backgammon bots play at least as well as the best human players, and backgammon is often played for money, so the temptation to use bots in online play is definitely there.

Most people seem to be wary of this practice, and the following
countermeasures have been developed (not necessarily exclusive or all
used by the same person)

1) Don’t play for money; only play for fun
2) Play money only against people you know [well]
3) Against somebody who takes a long time after every move, you are
suspicious that they are plugging their moves into computers
4) At the end of the game, you can analyze your game with one of the
computer programs. It turns out that all the computers rate each
other’s play very highly, with an error rate of 0-1.5 “millipoints” per
move. If you get a rate of exactly 0 you can be dead certain they are
using the same computer program. Computers rate the best humans in the
world in the 3-4 range. In any case, if your opponent is using a
computer program to decide all his moves it is fairly easy to tell after
only a few games, and then avoid playing with that player any more.
5) Some players take the attitude, “if I lose, at least I’ll have
learned something” and therefore ignore if they are playing bots
6) Using a bot to help you win is, well, boring, and so it doesn’t
happen that much anyway

Having played a lot of poker and backgammon in my day, I suspect that distinguishing human play from computer play would be harder in poker than it is in backgammon. For one thing, in backgammon you always know what information your opponent had in choosing a certain move (both players have the same information at all times); but in poker you may never know what your opponent knew or believed at a particular point in time. Also, a good poker player is always trying to frustrate opponents’ attempts to build mental models of his decision processes; this type of misdirection, which a good bot will emulate by using randomized algorithms, will make it harder to distinguish similar styles of play.

Jordan identifies another factor that several poker players mentioned as well: the fact that most gambling income is made by separating weak players from their money. As long as there are enough “fish”, all of the sharks, whether human or not, will feast. When the stakes get high, the fish will be driven out; but at low stakes, good human players may still make money.

Filed Under: Uncategorized Tagged With:

Online Poker and Unenforceable Rules

September 22, 2004 by

Computerized “bots” may be common in online poker games according to a Mike Brunker story at MSNBC.com. I have my doubts about the prevalence today of skillful, fully automated pokerbots, but there is an interesting story here nonetheless.

Most online casinos ban bots, but there is really no way to enforce such a rule. Already, many online players use electronic assistants that help them calculate odds, something that world-class players are adept at doing in their heads. Pokerbot technology will only advance, so that even if bots don’t outplay people now, they will eventually. (The claim, sometimes heard, that computers cannot understand bluffing in poker, is incorrect. Game theory can predict and explain bluffing behavior. A good pokerbot will bluff sometimes.)

Once bots are better than people, it’s hard to see why a rational person, with real money at stake, would fail to use a bot. Sure, watching your bot play is less fun than playing yourself; but losing to a bunch of bots isn’t much fun either. Old-fashioned human vs. human play will still be seen in very-low-stakes online games, where it’s not worth the trouble of deploying a bot, and in in-person games where the non-botness of players can be checked.

The online casinos are kidding themselves if they think they can enforce a no-bots rule. How can they tell what a player is doing in the privacy of his own home? Even if they can tell that a human’s hands are on the keyboard, how can they tell whether that human is getting advice from a bot?

The article discusses yet another unenforceable rule of online poker: the ban on collusion between players. If two or more players simply show each other their cards, they gain an advantage over the others at the table. There’s no way for an online casino to prevent players from conducting back-channel communications, so a ban on collusion is impossible to enforce.

By reiterating their anti-bot and anti-collusion rules, and by claiming to have mysterious enforcement mechanisms, online casinos may be able to stem the tide of cheating for a while. But eventually, bots and collusion will become the norm, and lone human players will be driven out of all but the lowest stakes games.

But there is another strategy. An online casino could encourage bots, and even set up bots-only games. The game would then become not a human vs. human card game but a human vs. human battle between bot designers for geekly mastery. I’ll bet there are plenty of programmers out there who would like to give it a try.

Filed Under: Uncategorized Tagged With: