a_cubed: (Wolf)

I know at least one of my LJ friends will have sympathy with this one. I’ve received the proofs for a new journal article(*). While most of the comments are reasonable there’s a pair that are rather stupid when taken together. In the paper we reference this paper:

Dick, A. R. and Brooks, M. J. (2003) Issues in automated visual surveillance. In: Sun et al (eds.).

which as anyone who understands referencing can see then cross-references:

Sun, C., Talbot, H., Ourselin, S. and Adriaansen, T. (eds). (2003) Proceedings of the Seventh International Conference on Digital Image Computing: Techniques and Applications, DICTA 2003, 10–12 December 2003, Macquarie University, Sydney, Australia. CSIRO Publishing.

The copy editors have separately asked:

Please provide further publication details in the reference Dick and Brooks (2003).


Reference Sun et al (2003) not cited in the text. Please cite in the text, else delete from the reference list.



(*) From my web page “News” section about this paper: A joint paper with Dr James Ferryman of the School of Systems Engineering, University of Reading has just been accepted by Security Journal. The pre-print of The Future of Video Analytics for Surveillance and Its Ethical Implications is available from The Open Depot.

Current Mood: pissed off
Current Music: None

Originally published at blog.a-cubed.info

a_cubed: (Default)

Academia.edu (an academic networking site) has an interesting alert service whereby they email anyone whose page is accessed with a referrer URL from one of the main search engines, and give the search terms, the search engine and, where available (from the web server log of academia.edu rather than from the search engine), the country from which my page was accessed. It’s interesting to see how people find me and from where. Yesterday I got such an alert where one of my papers was found via a search on a minor paraphrasing of one of the significant sentences (i.e. not a linking piece of text but one of the presentations of the core ideas in the paper). Thinking about how I’ve worked in the past, I suspect this was an academic checking for plagiarism in a piece of student work that has made them suspicious.

Current Mood: awake
Current Music: None

Originally published at blog.a-cubed.info

a_cubed: (Default)

Having written far too many emails explaining my views on how academia can best move to toll-free access to the scholarly literature (often abbreviated as Open Access) I have written this up on my web site: How to Achieve OA.

Current Mood: accomplished
Current Music: Ghost in the Shell 2: Innocence Soundtrack

Originally published at blog.a-cubed.info


Jun. 27th, 2012 01:39 pm
a_cubed: (Default)

It’s somewhat ironic that Japan’s National Institute of Informatics requires paper submission of job applications. So, ten page application form, three copies of three papers (ranging from eight to 23 pages), covering letter and two references hand-submitted (their offices are five minutes walk from my current workplace, so I figured it was better to drop it off in person than run any risk with the post). I’m told they get 150 applicants per year for the one or two posts they appoint, so this is a long shot.

Current Mood: accomplished
Current Music: Avatar Soundtrack

Originally published at blog.a-cubed.info

a_cubed: (Default)

One of my current research projects (DESVALDO, funded by the CIGREF Foundation) involves surveying people about their use of digital data. While our primary target is non-expert computer users, expert users are also welcome to take it. This is the survey.

Current Mood: curious
Current Music: None

Originally published at blog.a-cubed.info

a_cubed: (Default)

Ross Anderson, Cambridge

Deception: Would personalising payment pages reduce small scale fraud?

How is being watched by humans different to being watched by software?

Blackstone: The law is the long march from status to contract. Are we now towards the end of the long march from honour codes to ubiquitous technical surveillance?

Dave Clark, MIT

Reactions to Prior Talks

A lot of the stories we tell are move/counter-move systems? Why are we in an equilibrium and it’s not that one side won? Perhaps it’s just that if one side won, the question is not interesting.

The way to reduce crime is not to build perfect systems, but to make sure crime doesn’t pay.

Peter Robinson, Cambridge

The Eyes Have It

There is something that can be done with eye gaze in detecting speakers’ state of mind.

Identifying people who are cognitively overloaded (e.g. while driving, to reduce interruptions from navigation systems or the like).

Peter Swire, Ohio State

Tour of Projects

Encryption and globalisation paper, particularly the attempts by China and India to repeat the US mistakes.

Going Dark v. the Golden Access of Surveillance.

USvJones.com: Help judges by suggesting usable doctrine.

Are Hackers Inefficient?

The Right to Data Portability

Pretty Good De-identification

The Second Wave of Global Privacy Protection (Ohio State, Nov 2012) conference

Rahul Telang, Carnegie Mellon

Competition and Security

Does (can) competition increase security and/or privacy?

Hospitals are under increasing pressure to invest in patient security and privacy.

In a more competitive healthcare market, there is evidence of more data breaches.

On most other measures, more competition increases quality.

Alma Whitten, Google

When is the Future?

The future is at most ten years from now. Meaningfully, five or ten years from now is the future, because things move so fast.

Technologists have a fair amount of power to build the future. But technologists are often taking their subtle direction from artists: particularly from science fiction.

Shows the “Expo” sequence from Iron Man 2. “I really want that interface”.

Some questions: Where are the boundaries? Who maintains it? Who pays for it?

Easy answers in the fiction (an eccentric techno-genius billionaire), but if we want those tools for everyone these questions become more difficult to answer.

Current Mood: fascinated

Originally published at blog.a-cubed.info

a_cubed: (Default)

William Burns, Decision Research, CSUSM

Resilience in the Face of Terrorism: Risk Communication as Inoculation

Ratio of behavioural component of response to terrorist events (mostly incorrect) compared to the actual direct impact is approx 15:1. So while reducing loss of life is a good goal, minimisation of the over-reaction in the aftermath is also very important. Pre-emptive risk communication is the sensible approach.

A sensible risk message (terrorists aim to succeed in making you afraid, don’t let them win) has a significant impact on people’s responses to terrorist activity.

Chris Hoofnagle, UC Berkeley

Mobile Payments: Consumer Benefits & New Privacy Concerns

On Terror: I am terrified of motivational speakers, flying coach class on United and children’s products from China.

In a credit card, no party to the transaction has a complete view of the sale. Merchants know what was bought but not exactly who you are. The CC issuer knows where and how much you spent, but does not know what you spent. This drives loyalty cards.

Mobile payments means that everyone in the chain can see all of the information.


Richard John, USC

Games Terrorists Play

Talking today about the non-rational terrorist.

Stackelberg competition game model.

Defender (leader) chooses counter-measures; attacker (follower) chooses attack.

Can we benefit from the irrationality of our adversaries? Terrorists often do not maximise their expected value – they follow irrational strategies which do not lead to their apparent goals. Reference: Predictably Irrational by Dan Ariely. We can do better than a strong Stackelberg equilibrium if we understand our opponents’ irrationality.

Persuading protection forces to act rationally and use these random approaches is a hard problem in itself.

Steven LeBlanc, Harvard

Constant Battles

The myth of the peaceful, Noble Savage. Humans have always had warfare and high death rates. There is a tendency to wish away prehistoric warfare by calling it something else or pretending it never existed. The evolutionary pressures on surviving warfare are significant in the human genome?

Where data is good 15-25% of males die from warfare and 5% of females.

Death rates decrease with increased social complexity. You are safer if you pay taxes. The more taxes you pay, the safer you are.

Mark Levine, Exeter

The Psychology of Violence Prevention

How to enroll the support of collective psychology to suppress violent action.

The action of third parties is seen in traditional psychology as mostly negative: mob violence, mass hysteria, peer group pressure.

Looking at CCTV records of third party interventions (or lack of intervention) in violence.

Larger groups are less violent. How do third parties coordinate successfully?

Identity and eye-gaze: 52 participants, asked to view the same video with different priming questions about their identification with the subjects.

Ingroup bias: men look more at the men, women look more at the women. Men look more at the “perpetrator”, women look less at the “perpetrator”.

When people are primed in terms of their gender identity, they look at the third parties more than just the participants in the violence.

When primed to think of themselves as part of the group rather than as an individual, the women look more widely, whereas the men look more focussed. When primed as individuals, men and women look equally focussed/broadly.

John Mueller, OSU

Terrorism Since 9/11 – the American Cases

Only one occurrence in the US since 9/11 where a Muslim terrorist killed anyone in the US, and almost no injuries. Half of the cases appear to have been partly instigated by agent provocateurs of the government and all of the attempted terrorists have been incompetent and mostly highly unbalanced.

Current Mood: fascinated

Originally published at blog.a-cubed.info

a_cubed: (Default)

David Livingstone-Smith, New England


The camera obscura description of ideology as an accidental inversion of reality. The Conspiracy Model of ideology as a purposive distortion of reality in pursuit of some goal.

There is a perfectly good model of non-intentional purposiveness available: the notion of biological purpose, e.g. the orchid that simulates a wasp for the “purpose” of seducing male wasps to use them as a pollination vector.

Millikan’s theory of proper function provides analysis of non-intentional purposes. The thing that caused a reproduction of an item is the proper function of the item.

Ideologies are collective misrepresentations of the social world that:

perpetuate the power of dominant groups, creating the circumstances allowing their reproduction and the reproduction of that power.


Rachel Greenstadt, Drexel

Anonymouth: How to make machine learning for security usable

Long term anonymity is challenging, as shown in the case of “A Gay Girl in Damascus”. It’s particularly difficult to re-write an existing document in a new style.

Anonymouth provides a suggestion set of ideas for how to make your documents less recognisable as your own.

Luke Church, Cambridge

“tracking” for societal benefit

Users don’t understand derived sales models.

Asking programmers to allow the researchers to record and analyse their every keystroke and mouse click leads to refusal because they are afraid of the usage of that data.

Please can we slow down the process of restricting scientists’ access to data.

Bruce Schneier, BT

Profiling and Airports

Why profiling makes no sense in security, even if you have a differential threat. Arguing against intuition, “common sense” and “obviousness” with clear (security) engineering principles is hard.

Public policy has important characteristics which divorce it from individual common sense about security.

Political rhetoric focusses on folk belief, common sense and intuition, rather than solid engineering principles. Non-security issues are driving security decisions (including corporate interest, law enforcement interests, military interests).

The four horsemen of the cyber apocalypse used for two decades to justify intrusion.

Persuasion and security questions. How to teach people not to have their security fear buttons pushed.

Matt Blaze, University of Pennsylvania


Why (Special Agent) Johnny (Still) Can’t Encrypt (redux)

APCO Project 25 (P25) cryptographic system for first responders.

Serious vulnerabilities in multiple ways, in theory. How often do they cause problems in practice?

Rule #1 of cryptanalysis – look for cleartext.

Ridiculous amount and high security content of cleartext. About 30 minutes of cleartext per day per city.

The problem exists because radio encryption is harder than we think.

After discussions with various agencies there was often a short term drop in cleartext but then a reversion and even an increase.

The act of paying attention to problems like this can lead to a reduction of security because of misunderstanding.

Institutional memory of the previous generation of analogue radios (encryption reduces quality) is still maintained even though it is completely incorrect for the current systems.

Current Mood: fascinated

Originally published at blog.a-cubed.info

a_cubed: (Default)

Pam Briggs, Northumbria

A “Family and Friends” Perspective on Privacy and Security

Prevailing rhetoric is that privacy and security operate at a personal level – with individual decisions.

Too little attention paid to inadvertent disclosure in social or family networks.

Location-based services – one of the potentially most disruptive applications for privacy in the next few years.

Ubicomp in a family setting.

Facebook account hacked – three Facebook friends to provide re-authentication.


Jaeyeon Jung, Microsoft

Tools to Analyse Personal Data Exposure Through Apps & Developing UIs for Control

Problem is that access to information by Apps is often “all or nothing” for classes and without certain classes the app cannot be used at all – even if the app does not need it, depending on how it is programmed.

Some participants in a study of smartphone app data transfer were unsurprised – this is the price you pay for “free” apps. Others were surprised at things like the collection and transfer of location data when the app did not need it. Others felt they were not bothered by the collection per se, but wanted to know who had the data.

Some participants planned to uninstall particular apps (e.g. Angry Birds) because of their data collection. Some felt that the option of disclose or don’t use was not a good situation.

We need better user experiences for users in knowing about and controlling the information their smartphones give out.


Rob Reeder, Microsoft

NEAT guidance for usable software security

RSA data release started with a spear phishing attack based on an XL.

Security guidance to users in MS products should now follow NEAT: Necessary, Explained, Actionable, Tested.


Christof Paar, Ruhr University

Real World Hacks

How do attackers learn their trade? With better information about how attackers develop their approaches, we can potentially improve the defences. Obfuscation may be more use than its reputation (security by obscurity) gives it credit for.


Frank Stajano, Cambridge

The quest to replace passwords

Passwords have really poor usability. Does this mean we get good security? No.

Predictions of the demise of the password have been greatly exaggerated. We use more and more passwords every year.

Make sense of what has been done – those who fail to study history are doomed to repeat it.

Evaluation framework for authentication systems.

Passwords are not going to die any time soon. Many schemes are better than passwords on security. Some schemes are better on usability than passwords, but most are worse. All are worse on deployability.


Jeff Yan, Newcastle University

Does psychological profiling predict MMORPG cheaters?

There are many technical solutions to analysing in-game behaviour to identify cheating. Is it possible to identify likely cheaters with a psychological test? What about the issue of potential cheaters cheating on the questionnaire?

Current Mood: fascinated

Originally published at blog.a-cubed.info

a_cubed: (Default)

Sandy Clark, University of Pennsylvania

The Honeymoon Period and Security Development

Bug identification models don’t work for vulnerability identification.

Casinos have developed good approaches to patching exploits in their systems (general systems, not just computer-based systems).

Scams are the “buffer overflow errors” of human consciousness.

Attackers adapt, so defenders must adapt.

Evolutionary Biology model for Parasite/Host competing evolution (the Red Queen Hypothesis: everyone must run in place to maintain the best outcome, which is not a perfect system).

Modelling the defender is not enough. We need to model the attacker. More importantly, we need to model the interaction and the violation of assumptions is one of the key elements of this.


Richard Clayton, Cambridge

Devo estar falando Portugues? (Should I speak Portuguese?)

IM Worms.

Portuguese-specific short IMs for infection have significantly higher numbers of clicks at peak than “language-independent” ones.


Cormac Herley, Microsoft


Anything I do with a password can be repudiable.

We should be teaching check(cheque)-clearing rules instead of Byzantine security tips.


Markus Jakobsson, PayPal

What are password strength checkers actually doing?

Strength checker? Fast Runner? Has Tail, Has Black marks, Has Yellow surface, Has Dots? Result is a budgie not a leopard.

Determine the user’s mental process for creating (strong) passwords.

Comment by Richard Clayton: passwords for porn sites need to be enterable with only one hand.


Eric Johnson, Dartmouth College

Fraud in Healthcare

US healthcare costs are $2.5T. Fraud is estimated at some hundreds of billions of dollars.

Medical Identity Theft?

The US medical system is set up to provide opportunities for fraud. Particularly due to the pay-and-chase model.

Very easy to join medicare/medicaid as a payee, just a bureaucratic process.

Getting hold of identity is not hard. The monetisation model is the key development.

Grainne Kirwan, Inst of Tech, Ireland

Psychology of Cybercrime

Interested in victims of cybercrime. Why are they targeted, how do they react?

Trait anxiety, rather than state anxiety (Big-5?): how does it compare to susceptibility to fraud?

Victim facilitation and precipitation. Insult someone and they hit you (precipitation). Leave your keys on the bar (facilitation).

Considering how facilitation relates to liability. Most people will indicate that facilitative victims should be more liable.

David Modic, Exeter

Risk and Internet Scams

Ego-depletion, materialism, marketing (susceptibility to being scammed).

Ego-depletion has no effect on falling for a scam.

No materialism measure has any impact.

Appeal has very limited effect.

Scammers offer money not goods and intangibles.

Current Mood: fascinated

Originally published at blog.a-cubed.info

a_cubed: (Default)

Jeff Hancock, Cornell

Detecting Deceptive Language and Promoting (more) Honest Behaviour

Detection of the difference between purchased reviews of hotels by people who had not stayed there and real reviews by those who had. Automatic detection could identify 90% of the fake reviews – only works for differentiating between those who had stayed there and those who had not.

Lab studies on identifying lying: psychological distancing leads to verbal immediacy, cognitive complexity leads to a different discourse structure, anxiety and guilt lead to emotional leakage. However, various types of situation lead to differences in how the models can be applied.

How to promote more honest behaviour.

Promoting honest behaviour. Triggering a feeling of a face triggers social constraints on lying.

Current research will include graphics to see what can improve honesty.

Tyler Moore, Wellesley College

Why user intent affects how we combat online wickedness

Online crime is mainly fought by private actors rather than state agencies.

Sometimes crime is difficult to distinguish from undesirable behaviour.

What is the distinction between bad behaviour and criminal behaviour?

Distinguishing between phishing and malware installation (which can lead to keylogging and loss of authentication details). Phishing is attacked by the banks. Malware installers are attacked by the search engine.

Transparent redirection by cracked sites depending on the referrer information from Google search pages.

Need to identify the intent of the user.


Robert Trivers, Rutgers

The Folly of Fools: the logic of self-deception.

Lying to others is indivisible from self-deception.

Psychologists tend to study only deception. Philosophers worry too much about self-deception. You need both to understand deception.

Choice of language as well as physiological reactions give clues to deliberate deception. Self-deception could be deliberately practised in order to avoid deception clues.

Interesting data on self-deception: we do believe our deceptive positive self-image.

Self-deception is offensive (aimed at deceiving others), rather than what the psychologists claim: that self-deception is defensive, aimed at making ourselves happier.

We need more evidence on detecting deception in real situations.

80% of accidents happen with the pilot instead of the co-pilot in actual charge. Co-pilots are hesitant to correct errors from their more senior colleagues, particularly if they do not have a pre-existing strong relationship.

When considering deception, you must always keep self-deception in mind.


Joseph Bonneau, Cambridge

Guessing human-chosen secrets

What’s easier to guess? Older or younger users’ passwords? Passwords or random 9-digit numbers? PIN or Mother’s Maiden Name?

Showed the cartoon of Jesus having 2512 as his PIN to his father, whose birthday is Christmas Day, and his father promptly went and changed his PIN.

Released files of stolen passwords allowed statistical analysis of password choices.

Gathering data within Yahoo via an encrypted hash to allow for statistical analysis without knowledge of the actual passwords.

Changing user behaviour (such as changing passwords occasionally) is better than just stressing the risk.

Language makes something of a difference, but at most a factor of two in difficulty.


Stuart Schechter, Microsoft

Better Passwords

P@ssword was a “strong” password according to Yahoo’s algorithm. P@$$word1 was a “strong” password according to Google’s algorithm.

Ban popular passwords!

Important internal passwords for high value propositions (MS, Google) need better approaches.

Current Mood: fascinated

a_cubed: (Default)

This book is shiny. I mean physically shiny, not shiny as in Firefly-universe slang. This is not a good thing in a book, as the makers of ebook readers know. When I read it, I have to be careful how I hold it, otherwise the shiny ink on the shiny paper reflects the overhead light straight into my eyes making it impossible to read.

Although she has clearly done some very good research and talked to many, there are a few strange howlers in here. In chapter 1 she introduces Second Life and briefly refers to MUDs (Multi-User Dungeons) as their precursor, as played by people in the 1990s. Strange, that, as I remember being introduced to the local official MUD (many MUDs and similar systems ran unofficially, sometimes on cracked machines and sometimes just by a superuser running it overnight without authorisation) run on the VAX at the University of Leeds School of Computer Studies (as it was then) by the Computer Society. MUDs were already well advanced by 1988, so while they may have increased in user numbers as networking came to more people in the 1990s they were already out and about in the 1980s. Later she talks about MUDs more and goes into their history, but it’s almost like she wrote the first chapter early on before her foray into the history of multiplayer online games and never went back and corrected the first chapter. There’s also something of a categorisation difficulty here. SL is more reminiscent, to me anyway, of MUSHes than MUDs, while WoW and similar are the MUDs of today. The difference is an ethos of platform-driven definition of space and capability versus a user-driven one. As Coleman’s thesis is about user-driven network life enhancements, MUSHes are the place to start, not MUDs, just as she focusses on SL rather than WoW.

This is symptomatic of the entire book, actually. The author is a literary theorist and it shows. She neither really understands the technology, nor the psychology, sociology of online worlds. There are some flashes of insight and the interviews with some of the major figures in the field (Doctorow, Lanier etc) are worth reading, though more for their in-depth responses than the quality of her questions. I bought and read this primarily because a review in the THE mentioned that she had the thesis that the digital and physical worlds are not really separate any more, but that cross-reality (or x-reality as she insists on calling it) is now the norm. This fits with my own thinking on issues of identity and reputation (that often one now has a joint identity not two separate ones). She has a somewhat interesting take on the ideas and I don’t regret spending the time to read this mercifully short book, but in the end it’s quite disappointing. I think she needed collaborators on the project, from technology, sociology, psychology or similar.

Current Mood: bitchy
Current Music: Star Wars: A New Hope Soundtrack

Originally published at blog.a-cubed.info

a_cubed: (Default)

Please complete with just one sentence “Facebook is…”.

We have some interesting results from Japanese students and I’m interested in gathering thoughts from other people.

Current Mood: curious

Originally published at blog.a-cubed.info

a_cubed: (Default)

Another example of the contempt with which people in business hold educators, at all levels, came up in this Diverse Issues in Higher Education article. The most telling phrase was Change the Equation Board Chairman Craig Barrett’s statement that “suggested making sure that math and science teachers have mastery of their subjects, and that more is done to relax teacher licensing requirements so that accomplished individuals from STEM fields can teach math and science.” So, the way to improve STEM (Science, Technology, Engineering and Mathematics) education is by removing licensing requirements which ensure that teachers know how to teach. Yes, that’s the way to get people who are good at these subjects to go into teaching and do it well. Of course the problems with teaching are all down to bad teachers who’re lazy layabouts who don’t deserve the massive salaries they siphon from the public purse. Nothing about the problems particularly in STEM subjects is to do with the disparity between starting salaries and conditions for teachers (never mind what you earn after 20 years experience as a teacher, what does it cost to take the teaching qualification and what is your starting salary compared to what else you’re being offered if you’re good at STEM subjects). These CEOs, most of whom undoubtedly claim to be proponents of “free markets” refuse to see the free market conditions that constant pressure on teachers’ salaries compared to the private sector have been one of the significant problems in recruiting teachers to STEM subjects. Some teachers in those subjects are good, those who have a very strong vocation for teaching and are willing to put up with a lifetime earning capacity and in particular starting salaries much below what the private sector offers. Of course there are some problems here, in that teaching unions are generally unwilling to see a market price set for different subjects.
But the claim that the bar to getting people who are good at STEM into teaching is the requirement to have a clue what teaching is (here’s a clue – it really does require more than just knowing the subject) is by removing the licensing requirements is just bizarre. Start paying teachers competitive salaries and make teacher training free for those who then go on to teach for five years (and provide teacher trainees with a decent income in their training years) and perhaps we’ll see an improvement in STEM teaching. Parachuting in subject experts who don’t know how to teach will do nothing to improve the situation on those who know how to teach but aren’t good at their subjects in the first place.

Of course this would all require those CEOs to be willing to pay higher taxes so they’re never going to support that obvious route.

Originally published at blog.a-cubed.info

a_cubed: (Peace)

I’ve just submitted a paper to Computers and Society. The draft submission is available on OpenDepot.

Current Mood: accomplished
Current Music: Torchwood Soundtrack

Originally published at blog.a-cubed.info

a_cubed: (Peace)

Here’s a message I sent to my MP Rob Wilson today, via writetothem. I encourage everyone else whose MP voted in December to raise tuition fees, to send a similar message to their MP.

Dear Rob Wilson,

According to The Public Whip website you voted with the government on the proposals on university tuition fees in December. Accordingly it would appear that you believe that  individuals who gain a degree (or even simply study for one) should be required to pay  individually nearly the full cost of that education. Since you appear to have a degree (your web page indicates that you studied at the University of Reading although it does not explicitly state  that you graduated) or at least studied at University, and that as an MP your salary is well above the average (indeed comes into the higher rate tax bracket), I would like to know how much you  have personally paid towards your degree and if this is less than is estimated to have been the relative cost of your degree at the time, whether you have any plans to put your money where your vote was and to pay for your own degree by a voluntary contribution (perhaps over time) to your Alma Mater to bring your payments up to those you voted to impose on future generations of students.

Originally published at blog.a-cubed.info
