Saturday, April 29, 2006

Judge Not, Lest Ye Be Deleted

An associate justice of the Philippines Supreme Court, Antonio Carpio, recently suggested that judges who are computer-illiterate should be fired “for gross ignorance.” [http://news.inq7.net/infotech/index.php?index=1&story_id=73852] The joking, but edged, remark is a reflection of a serious commitment by the Supreme Court to complete the computerization and Internet connection of all Philippine courts by 2007.

The court, according to Justice Carpio, wants to move all of the country’s 1,583 justices and judges toward use of an e-library (see http://www.supremecourt.gov.ph/elibrary/HTML/Advisory/Advisory_Guidelines.htm) to which all judges would have access in researching and writing their decisions, and to eliminate printed copies of its own decisions and circulars once all judges are computer-literate. To that end, the Supreme Court has a computer-literacy program for judges. Although newer judges get hands-on computer training before taking the bench, the Supreme Court’s chief librarian, Milagros Ong, commented that their concern is “more for old appointees who may not know how to open a compact disc or surf the Internet.”

Telling judges that some of them are computer-illiterate is like the old lawyers’ gag of referring to a particular judge as Judge Necessity because “Necessity knows no law.” Both remarks are less likely to cause offense to judges if it’s another judge making the remarks. But computer literacy in any country’s judicial system is actually important not only for improving general research and communications, but for increasing the visibility, transparency, and credibility of that judicial system as a whole.

When USAID funds and supports computer-literacy training for Afghan judges and court personnel (http://www.usaid.gov/locations/asia_near_east/afghanistan/weeklyreports/072305_report.html), for example, it improves the odds that others in Afghanistan and elsewhere will perceive the Afghan judiciary as a credible and stable component of government. And when the Philippines (or any other country, for that matter) publishes its judicial decisions electronically, it increases the access to those decisions by lawyers and legal scholars in many parts of the world. Anything that enhances the access to, and visibility of, published judicial decisions for the public and the legal profession is likely to enhance the transparency and respectability of those decisions.

Share and Share a Like

According to the Japan Times, the Mainichi Shimbun, one of the leading newspapers in Japan, announced that information on about 66,000 subscribers had “leaked” onto the Internet via the file-sharing program Share. (See http://search.japantimes.co.jp/cgi-bin/nn20060428a3.html.) The subscriber data – which reportedly included only “names, addresses, phone numbers, dates of birth and e-mail addresses, but no financial information” – were from a newspaper readers’ club called Mainichi Friend, which was closed in March 2006.

The data security vulnerability, however, apparently stemmed not from vulnerabilities in Mainichi’s own in-house systems, but from the actions of a Mainichi employee, who (for reasons not explained) moved the data to his own computer, which had Share installed. At some later date, it is believed, the employee’s computer was infected with a virus. The employee was quoted as saying “that he never thought his PC was infected.” The Japan Times also reported that Trend Micro officials characterized this case as the first major incident involving data “leakage” due to Share.

The Mainichi incident provides yet another example (not that another is needed) of how enterprises of all types, in all regions of the world, need to conduct continuous elementary data-security training for their officers and employees. The idea that it would be permissible or appropriate to move large quantities of customer data from enterprise systems to a personal computer is itself troubling, but the employee’s comment that he never thought his computer was infected is even more so.

The Japan Times doesn't say what data-security training Mainichi gives its employees, but the incident reaffirms that employees should be told at least three things as a part of such training: (1) they have no business taking enterprise data of any kind and putting it on their home computers without explicit permission from a supervisor (who, by the way, should be educated about the risks before giving such permission); (2) file-sharing, on enterprise or home computers, poses significant risks to the security of everything on those computers; and (3) if they install any file-sharing program on any computer that handles enterprise data, they will be terminated. As the Mainichi Shimbun found out to its regret, allowing someone to drop personal identifying information into a system with file-sharing installed is like the high-school kid’s prank of dropping a block of sodium into a toilet: the results can be dramatic, messy, and unpleasant to clean up.

Wednesday, April 19, 2006

Fretting About the Future

An April 18 Financial Times article about the resurgence of the U.S. guitar manufacturer Gibson Guitar (http://news.ft.com/cms/s/39e1ac52-ce77-11da-a032-000079e2340.html) reports that the owner, Henry Juszkiewicz, "is also planning a digital future for Gibson, which this summer plans to introduce its first digital guitar -- fitted with a high-tech pickup that converts the sound of each string into bits and bytes. Ultimately, Mr Juszkiewicz sees Gibson upgrading the guitar's electronics with plug-in expansion cards. Players would buy the cards in the same way that computer users upgrade software, creating a new and potentially lucrative business." This kind of innovation would be truly noteworthy.

Wednesday, April 12, 2006

Hand(cuff)s Across the Sea

The Register reported yesterday that a 24-year-old Spanish man, José Manuel García Rodríguez, has been extradited from Argentina to Spain to stand trial on cybercrime-related charges stemming from his allegedly stealing hundreds of thousands of euros from online bank accounts. (http://www.theregister.co.uk/2006/04/11/argentina_extradites_spanish_hacker/)

Tuesday, April 11, 2006

Identity Theft and Statistics 101

"Facts are stubborn things," Mark Twain once wrote, "but statistics are more pliable." Not more so than public understanding of statistics, if one is to judge from initial reactions to the recent Bureau of Justice Statistics report on identity theft-related survey data (at http://www.ojp.usdoj.gov/bjs/pub/pdf/it04.pdf). Here are some of the more egregious errors in reporting on the BJS data:

- According to ConsumerAffairs.com, "The repport [sic] found that 3.6 million Americans were affected by identity theft in 2004, a significant drop from a similar report issued conducted [sic] by the Federal Trade Commission (FTC)." (http://www.consumeraffairs.com/news04/2006/04/id_theft_stats02.html) It is hard to imagine a more careless misreading of the data. First, the BJS bulletin plainly refers to 3.6 million households -- not individuals. Second, it notes that in those households, "at least one member of the household had been the victim of identity theft during the previous 6 months." Thus, 3.6 million is the minimum (not the maximum) possible number of victims, based on the survey data. Third, if the article is referring to the only identity theft survey conducted for the FTC, Synovate issued that survey in September 2003, using random-digit-dialing survey data from March and April 2003. (http://www.ftc.gov/os/2003/09/synovatereport.pdf) In that survey, 4.6 percent of survey respondents, which the survey extrapolates to nearly 10 million Americans, reported that they had been victims of identity theft within the past year. By contrast, the BJS survey dealt only with identity theft victimization within the previous six months. It is highly probable (to say the least) that the number of people who have had any kind of experience -- identity theft, a meeting with a college roommate, a traffic accident -- within one year's time will be greater than the number of people who have had that same kind of experience within six months' time. At any rate, there is no valid basis for concluding, on the basis of these two surveys, that the BJS data represent "a significant drop" from the Synovate data.

- The headline for a SecurityProNews article on the BJS survey data declared in red letters: "Identity Theft 20X Bigger Problem Than Reported." (http://www.securitypronews.com/news/securitynews/spn-45-20060410IdentityTheft20XBiggerProblemThanReported.html) Actually, no, on two grounds. First, if the calculation is based on the 3.6 million households divided by the 246,847 identity-theft complaints filed with the FTC for 2004, identity theft is only a "14.58X Bigger Problem." Nothing else in the article supports the 20X figure. Second, if -- instead of mixing apples and oranges by dividing the number of households by the number of individuals who filed complaints -- the article had divided the 246,847 complaints into the 9.3 million individuals who reportedly were identity-theft victims in 2004, based on a Better Business Bureau - Javelin Strategy survey (see http://www.javelinstrategy.com), the headline should have read: "Identity Theft 37.68X Bigger Problem Than Reported." As for the article itself, it stated that the BJS report "reveals that the [FTC's] initial 2004 identity theft report missed severely missed [sic] the mark, according to the National Crime Prevention Center [sic] (NCPC)." Again, no. If a report accurately states the number and types of complaints to a government agency about a particular problem, that report does not "miss the mark" merely because the majority of people who experience that problem do not complain about it to that agency. The complaint data are what they are. Because the FTC has never claimed that the complaints it receives reflect the true incidence of identity theft, the "misses the mark" comment is unwarranted.

- An E-Commerce Times article states that the BJS numbers "suggest that the incidence of identity theft might be lower than what has been reported in the past." (http://www.ecommercetimes.com/story/Cr3GF4pG2kKwjx/DoJ-Identity-Theft-Touches-Millions-in-US.xhtml) This statement is more carefully couched, but still subject to misinterpretation. Because the survey addresses households rather than individuals, and the number of individuals per household can range from one to ten or more, there is a range of possibilities as to the prevalence of identity theft. If one takes the low end of that range, then 3.6 million individuals would be victims of identity theft. But if one takes the average number of persons per household, 2.59, based on 2000 U.S. Census data (http://quickfacts.census.gov/qfd/states/00000.html), and multiplies that by the 3.6 million households, there could have been as many as 9.3 million identity-theft victims -- coincidentally, the same number of victims that the BBB - Javelin survey found for 2004. The only thing that the BJS data "suggest" is what can be directly inferred from those data. Followup studies by BJS for later periods will be necessary before reliable conclusions can be drawn about possible trends in the prevalence of identity theft.

Monday, April 10, 2006

The Gold of Our Error #1

An April 9 report by Zeenews.com (at http://www.zeenews.com/znnew/articles.asp?aid=287220&sid=WOR) states that in a study of 184 countries around the world, the International Centre for Missing & Exploited Children, in cooperation with Interpol, found that 138 countries did not criminalize the possession of child pornography and 122 countries have no law that specifically addresses the distribution of child pornography by computer and the Internet. Zeenews also states that the only countries with legislation comprehensive enough to have a meaningful impact on the crime are Australia, Belgium, France, South Africa, and the United States.

Why The Title?

The phrase is from Robert Penn Warren's poem Evening Hawk. The first 11 lines are:
From plane of light to plane, wings dipping through
Geometries and orchids that the sunset builds,
Out of the peak's black angularity of shadow, riding
The last tumultuous avalanche of

Light above pines and the guttural gorge,
The hawk comes.
His wing
Scythes down another day, his motion
Is that of the honed steel-edge, we hear
The crashless fall of stalks of Time.

The head of each stalk is heavy with the gold of our error.