As is my habit, I attended Health Extension #12 at the new Hacker Dojo in Mountain View this past week.   The new Hacker Dojo location seems bigger and more professional than their old place.  This hackerspace has a clean, organized air about it which reflects its location in Silicon Valley.  NoiseBridge in SF and SudoRoom in Oakland both seem more anarchistic.  I want to go back sometime and check it out more thoroughly though.  I love hackerspaces.  But one of the Hacker Dojo members was complaining to me about freeloaders.  So it seems that Hacker Dojo is subject to the same problems that plague all attempts at direct democracy. Saying that everyone is in charge is equivalent to saying no one is in charge.  The direct democracy folks will need to work a bit harder to outdo the framers of the Constitution.  Representative democracy, get into it.

Hacker Dojo’s new digs at 599 Fairchild in Mountain View, CA.  It’s more built-out than this now.

Joe Betts-LaCroix gave a summary of the Health Extension mission and an update on their current activities.  The bottom line is that aging research is seriously underfunded.  Health care costs consume 17% of US GDP, and up to 90% of that spending is on age-related diseases.  We simply can’t afford to continue ignoring the biochemical processes of aging.  We need to spend on effective preventative medicine.  He also reported that the Health Extension pipeline is operational.   So researchers with great aging research ideas that are vetted by the HE Scientific Advisory Board will get assistance with funding and support from a variety of potential sources such as venture capital or philanthropic funds.

Joe next trotted out a fancy new refactoring of the word “aging”:

Degenerative Precursors – Any process, condition, or diagnostic result that, if unchanged, correlates with a high probability of subsequently developing any of a list of at least two, otherwise disparate age-related diseases.

He ran this by a bunch of biologists and they came up with a big honking list of “degenerative precursor” candidates, so let’s see where they go with this.  The HE 2013 internship project already produced “the world’s first comprehensive database of all known genetic variations in humans that pertain to lifespan and aging characteristics.”  It’s available online now, and they have submitted the results to a prestigious journal for review.  So these people don’t mess around.  I’ve heard many researchers suggest that a vast store of answers lay undiscovered within the massive corpus of existing research.  Don Swanson pioneered this sort of literature-based discovery which I learned about at a Samuel Arbesman talk last year.    This sort of meta-study is probably going to be more and more important as the amount of research explodes.

Joe also gave a plug to the upcoming SENS Reimagine Aging Conference in Cambridge, UK.

This month’s Health Extension featured leading Alzheimer’s researcher J. Wesson Ashford, MD, PhD.  Dr. Ashford was instrumental in developing anticholinesterase therapy, which is now standard treatment for Alzheimer’s disease.  He is now the director of the War Related Illness and Injury Study Center the VA Palo Alto Health Care System, and clinical professor of psychiatry and behavioral sciences at Stanford University. He is chair of the Memory Screening Advisory Board of the Alzheimer’s Foundation of America and clinical editor of the Journal of Alzheimer’s disease.  So this guy knows his Alzheimer’s.

Ashford started out his talk by telling the crowd that we were all going to die, which wasn’t well received by a bunch of life extension enthusiasts.  However, he tried to put things into perspective by pointing out that the Milky Way and Andromeda galaxies are due to collide in about 4 billion years, which certainly makes me feel better about dying.

He went on to point out that one of Joe Betts-LaCroix’s standard slides showing age-related diseases would be more clear if plotted on a logarithmic scale.  He referred to the Gompertz Law of Mortality, which states that mortality increases exponentially over time starting around age 30.

 So the chart above would look like the chart below if mapped to  log scale, get it?

Simply put, the older you get, the more likely you are to die.  And this is a regular progression, not a sudden jump as the first slide might make it seem.  Wesson seemed to be making a fatalist point: time kills – period.  But Health Extension might be able to use this point of view to tweak their message.  Folks ought to take aging more seriously if they consider that our risk of death is doubling every year over thirty.

Dr. Ashford pointed out that the exact cause of Alzheimer’s is still not known, but there are several schools of thought on the matter.  The Beta-Amyloid theory has been the prevalent theory for over 100 years and suggests that the plaques that build up in the brains of Alzheimer’s patients are the cause of the condition.  However, several drugs have successfully removed these plaques, but failed to improve the symptoms of Alzheimer’s disease.  So that has lead some, including Ashford, to conclude that this theory is flawed and that billions of dollars have been wasted by drug companies.  He made the reasonable point that the role of factors should be understood before attempts were made to remove them from the body.

The Tau theory is that a process called “Tau hyperphosphorylation” leads to tangles that clog up the neuron and prevent it from functioning.  This occurs in the later stages of Alzheimer’s disease and is related to dementia.  Ashford himself subscribes to a theory which I didn’t really understand.  But he seemed to suggest that attention should be focused on another protein that is created when beta-amyloids are cleaved from their precursor protein.  I couldn’t find the name of this creature, but I will ask around.  But it seems that Ashford thinks that the real action is happening inside the cell and the extracellular plaques are a red herring.

Dr. Ashford made some provocative comments that people don’t care about genetics, cost-benefit analysis, or the future.  His case for genetics centered around his assertion that not enough people are using 23andMe.  Also, he lamented that not enough of the papers being submitted to Journal of Alzheimer’s disease are controlling for the apoE gene, which has a major impact on Alzheimer’s risk.  This gene has three variations: APOE-2 reduces likelihood of Alzheimer’s, APOE-3 has average risk, and APOE-4 confers increased risk.  I checked my 23andMe report and was relieved to find an APOE-2 in there.  But of course, if I had an APOE-4 I wouldn’t… err, what was I saying?  Never mind.  Actually, I shouldn’t joke about this stuff.  Folks with a couple of APOE-4’s should consider taking extra preventative measures.

Here are the preventative tips I got from Dr. Ashford’s website:

THE TOP TEN TREATMENTS FOR PREVENTING ALZHEIMER’S DISEASE
J. Wesson Ashford, M.D., Ph.D. (November, 2006)

1. Take your blood pressure regularly; be sure that the systolic pressure is always less than 130.

2. Watch your cholesterol; if your cholesterol is elevated (above 200), talk to your clinician about appropriate treatment. Consider “statin” medications a d besure your cholesterol is fully controlled. Increase your dietary intake of omega-3-fatty acids (eat deep-sea finned fish at least 3 times per week) and nuts (especially almonds).

3. Exercise your body, mind, and spirit regularly. Physical exercise best 10-30 mins after each meal for 10-30 minutes, 3 times per day. Do aerobic and strengthening exercises. Maximize your education. If you have spare time, do mental puzzles (like crossword puzzles). Stay active with your friends and in your community.

4. Physically protect your brain. Wear your car seat-belt. Wear a helmet when you are riding a bicycle or participating in any activity where you might hit your head. Work to decrease your fall risk through physical exercise, making your environment safe.

5. Keep your BMI (Body Mass Index) in the optimal range (19-25):
   ——– BMI = 703 * weight (pounds) / height (inches) squared ——–
   To optimize your BMI, control your food intake and exercise. Decrease your risk of type II diabetes. Monitor your fasting blood sugar yearly. If you have diabetes, make sure that your blood sugar is optimally controlled.

6. Consult your clinician about your joint and muscle pains (treat arthritis with ibuprofen, sulindac, or indomethacin).

7. Take your vitamins daily (folate – 400mcg, B12 – 25mcg, C – 250 mg, and E – 200iu’s). Check with your clinician yearly to be sure your homocysteine levels are not high and you have no signs of or risk factors for B12 deficiency (ask your doctor to make sure your B12 level is above 400. If diet doesn’t help, take oral supplement. If oral supplement doesn’t work, get monthly B12 shots additionally. Maximize your vegetables.

8. Keep your hormones stable. Check with you clinician about your thyroid hormone. Discuss sex-hormone replacement therapy with your clinician (such therapy is not currently recommended for Alzheimer prevention, but may help memory and mood).

9. If you have difficulty getting to sleep, consider trying 3 – 6 milligrams of melatonin at bedtime. If you snore, consult your clinician about sleep apnea.

10. Monitor your memory regularly; have your memory screened yearly. Be sure the people around you are not concerned about your memory. If you think that you have significant difficulty with your memory, talk to your clinician about further evaluation. Consider therapy with cholinesterase inhibitors and memantine.

source: http://www.medafile.com/top10tr.htm
more tips here: http://www.memtrax.com/en/yourBrainHealth

It was also suggested that low doses of ibuprofen might be preventative of AD in a way similar to the way that people take small regular doses of asprin.

Ashford has developed a memory diagnostic tool at http://www.memtrax.com to help detect memory degradation associated with Alzheimer’s as early as possible.  I signed up and tried it out, and it involves viewing a series of pictures and hitting the space bar when a picture is repeated.  It was fairly easy and more of a test than a task, like Dual N-Back or Lumosity.com.  It seems to be free and it’s cool that Ashford is putting it out there to help folks out.  He also sees huge potential for big data and web applications to enable memory testing across broad populations.  This is the sort of area where Quantified Self type data can cross over into real science.

After the talk, I got into a discussion with a Silicon Valley entrepreneur type who was skeptical about Health Extension.  It’s illuminating to discuss your beliefs with a skeptic that doesn’t listen very closely.  All of the sloppiness and jargony shorthand which is acceptable when preaching to the choir gets called into question.

So why am I in favor of health extension after all?  I think the key lays in the distinction between life extension and health extension.  No one wants to live 50 additional years in the poor health of a typical 80 year old today.  The goal is to extend the period of health for humans.  That’s a big deal.  It would lead to a huge reduction in suffering worldwide, massive economic benefits for states burdened with high health costs, and it’s just what I want for myself and my own loved ones here and now.

Of course this skeptic brought up the standard Malthusian argument that the earth couldn’t sustain humans with extended health spans.  In response, I brought up the Haber process which is an example of how human ingenuity throws a wrench into Malthusian calculations.  The Haber process extracts nitrogen from the air in the form of ammonia.  Big deal, right?  Well fertilizer generated from ammonia produced by the Haber process is estimated to be responsible for sustaining one-third of the Earth’s population.  So when we consider the sustainability of life extension, we should consider what other breakthroughs like the Haber process lay around the corner.

The flip side of this argument is that a ballooning Haber enabled population is degrading the earth at a more rapid pace.  I might argue that folks who oppose health extension on sustainability grounds should consider that the poverty induced high reproductive rates of the developing world probably dwarf any environmental impact that health extension might have.  Arguments about the stagnation of innovation notwithstanding, I will assert that humans are inventive enough to increase efficiencies, and sensible enough to reign in fertility, as their conditions improve.  So let’s go help pull the Global South out of poverty so that their fertility rates go down to more manageable levels and work on health extension.

Another point that came up that evening was this common Silicon Valley refrain that startup founders need to stop focusing on minor first world problems and start tackling the real problems of the world.  At the same time we hear that VCs have turned cowardly and are now demanding that startups have an established customer base and revenue before they will dip a tremulous toe into the water and risk their precious cash.  So the problem is probably not founders without vision, as much as capital without guts.

Overall this was an interesting evening that touched on a range of topics.  Alzheimer’s disease is a serious illness that will probably increase in frequency as the population ages and lifespans continue their historical increase.  It may be that the big drug companies need to slow down and dig deeper into the fundamental biological processes underpinning this disease in order to come up with truly effective treatments.  I admire the work of researchers such as Dr. Ashford, who tirelessly probe into the maddening complexities of human biology looking for these answers.  Even if he is a fatalist who insists that we are all doomed to die in the nearing galactic traffic accident.

I went to a Humanity+ networking event at Zero1 Garage in San Jose this week.  It was organized by Humanity+ magazine editor Peter Rothman.  Presentations were given by seminal transhumanist Natasha Vita-More, media artist Jason Wilson, and writer Zoltan Istvan.  I missed the beginning of Vita-More’s talk (which was delivered via Skype) and had a hard time picking up the gist of it, but she seemed to be discussing ways in which people could promote the idea of transhumanism.  She mentioned some books that she recommends: Design of Everyday Things, Art of Innovation, and her own Transhumanist Reader.

I don’t really get the point behind advocating for transhumanism myself.  To me transhumanism is a misnomer.  Humans have always augmented themselves and always will.  To augment is essentially human.  It’s what technology is all about.  I guess one can imagine some significant thresholds where technology has been integrated into our bodies, like pacemakers or artificial hips or something.  Just kidding, a significant threshold would probably be something like the ability to perform Google searches by merely thinking about a query.  But we have crossed similar technology thresholds in the past like language, the written word, and the internet, without feeling the need to come up with new species classifications.  Nonetheless, I’d rather hang out with transhumanists than a bunch of sports fans or something.

I met Peter Rothman a couple of times and he is a cool guy.  He is more cultural than a lot of the computer people one is apt to meet.  I like how he invited Jason Wilson to speak at this event.  I have seen Wilson’s Outer Body Labs at various events like the Singularity Summit or DEF CON.  They provide technology assisted “out of body” experiences by putting you into video goggles that block your normal view of the world but give you a view of yourself transmitted from a nearby camera.  You are basically seeing yourself move around and perform tasks from outside of your body, which I imagine is very disorienting.  Wilson describes the experience as, “breaking the agency of eyesight.”  You can’t control where the camera points, and this helps to put your own subjectivity into perspective.  Given that humans seem better at judging others than judging ourselves, experiencing an outside view of yourself might increase your sense of objectivity.  I plan on heading over to Wilson’s studio one of these days to check it out firsthand.

Following Wilson, Zoltan Istvan gave a talk on his book, The Transhumanist Wager.  I guess it’s about a guy who takes over the world in order to live forever.  I didn’t read it, and from the various book reviews I have found online, I don’t think I will.  Istvan is basically arguing that transhumanists should form cells and start combating religious groups directly.  I’m not kidding; here is an excerpt from his interview with Serious Wonder:

Z: I’m currently creating networks of transhuman activists across America and beyond that will begin systematic confrontations against those that are hostile to life extension and human enhancement science. I plan to use aggressive tactics that will garner media attention for spreading transhumanism. Of course, I’m also using my novel, The Transhumanist Wager, as a tool for how passionate that activism should be …

Now you might be thinking, “Why are you bothering to dig into this madness?”  But the fact is that Istvan doesn’t come across as crazy in person.  I stayed and spoke with him after his presentation.  He is an intelligent and articulate person.  During his talk, Istvan lamented the lack of funding being applied to research into aging.  One hears the same point made at the Health Extension Salon, and this is a good point which I agree with.  Aging research should get more funding.  But Istvan seems to think that confronting religious people is the way to bring that about.  I told him that I don’t think any of the elites controlling policy in this country are actually religious, but he asserted that I am living in a Bay Area bubble.   He thinks the elites in this country are religious, and he pointed to the suppression of stem cell research by the Bush administration as an example of that.

My sense has always been that policy makers use the religious views of the population to craft wedge issues that can be used to distract the public from more important problems and to win elections.  Gay marriage is a good example, and I assume that stem cell research is just an unfortunate casualty of such a strategy.  I don’t believe that Bush or any of the elites running this country hold actual religious beliefs that affect their decision making.  The very idea seems ludicrous.  It seems clear that there is a negative correlation between intelligence and religious belief.  I also assume that that it takes smarts to operate in the ranks of policy makers.

So to me it’s deeply misguided to go picking fights with a bunch of poor, muddled religious folks and try to beat them into submission to their transhumanist overlords.  Because, you know, religious folks are probably more tolerant of dying for their beliefs than rationalists will tend to be.  Just saying.  I’m no activist, but if you want to get funding for life extension, focus on the billionaires that really pull the strings in society.  I’m sure some of those plutocrats would cough up some cash if you could convince them that there was some chance they could benefit directly.  But as I said, I’m not an activist.  People that adopt the technology characterized as transhumanist will simply outcompete those that don’t.  No one can stop this technology from being created.  Bush’s ban on embryonic stem cells might have just pushed more research into adult stem cells (iPSC), and it certainly didn’t stop stem cell progress.

Istvan’s cognitive framework is fraught with inconsistencies.  He’s a big proponent of individual freedom, but then advocates a global law enforcing secular education.  That’s just incoherent from any angle you look at it.  I would expect an individual freedoms guy to go for Sudbury style schooling (free schooling, in which kids teach themselves) or something.  Certainly the top-down, global law approach is inconsistent with individual liberty.  Also this intense advocation for the primacy of the individual offends my embedded cognition sensibilities.  Consider Nicholas Christakis’ work, which shows that human behavior is deeply influenced by the behavior of those around us.  I am sympathetic to those monarchists who point out the shortcomings of decision by committee.  I see that there are some inherent coordination costs that impact group decision making.  But I will still assert that advanced cognition is impossible in the absence of social interaction.  Cognitive agents cannot be formed without social interaction and cannot operate for extended periods of time in isolation.  So it seems that cognition is a network dependent process.

My Less Wrong friends may tell me that this empirical “outside view” is susceptible to the Black Swan effect; you can’t predict a new thing by examining the things you have seen already.  It may be that Artificial General Intelligence (AGI) agents will not be constrained by network limitations and will have a totally different sort of cognition.  Go on Less Wrong and you will find much talk of utility functions.  But there is a wide gulf to cross between the natural language utility function of “maximize paper clips” and the computer code that describes that function and can actually act on it in the real world.  This gulf is only crossed by much handwaving.  I’m not trying to beat up on Yudkowsky et al, I actually like and admire those folks.  I will leave the LW bashing to Alexander Kruel who has some bug in his rear about them.  I just remain unconvinced of the viability of agents that are not network constrained.  Thus, hard individualism is invalid.

Another one of Istvan’s inconsistencies showed itself when he complained that the older generation was holding back progress toward immortality.  Now this strikes me as somewhat ironic.  If immortality is so great, I asked him how he imagined that society would progress in the absence of successive generations.  Istvan declined to speculate about that and made some vague reference to AI changing how progress would occur, which isn’t such a bad cop out.  Sure, AI will do the thinking for us, no problem.  But this very point was brought up by a young woman at a recent East Bay Futurist meetup.  She pointed out that each generation is uniquely positioned to understand the era they matured in.  This is not a concern that I readily dismiss.

It may be true that immortal humans will be more flexible than the crystallized old folks of today.  However, I suspect that they will tend to hold on to core aspects of their identity.  Why live forever if the entity that exists isn’t in some way recognizably you?  A sense of identity is that which we develop over time as we draw a border around what is and is not within ourselves.  It is probably a function of synaptic pruning.  It may be that a society of immortals will be less evolvable and less able to address changing conditions as I discussed previously.  I am sympathetic to the view that AI or Intelligence Amplification (IA) can mitigate this risk, but it’s a real risk posed by immortality that futurists should take into consideration.

I have other problems with Istvan, like the way he holds the radical views of his book at arm’s length, claiming that he doesn’t fully subscribe to the views of his characters.  I would accept that if he was just another fiction author and not promoting the same basic agenda as his book does.  At the end of the day though, Istvan seems like a starry eyed idealist unaware of the political realities of the real world.  This is hard to reconcile with the fact that he is a world traveller and person of action.  Nonetheless, I am glad that I met him because at least it helped me to clarify my own position.  I just hope he doesn’t go triggering some huge public backlash against transhumanists by doing something rash.  Because if that happens, I want the religious police to notice that I have publicly disavowed the word transhumanist many times.  I am just a regular human who likes tools, ok?

I attended Black Hat and DEF CON USA 2013 this year in Las Vegas.  These two computer  security conferences were both founded by hacker Jeff Moss aka The Dark Tangent.  The Dark Tangent sold Black Hat for $14 million in 2005, but retained control of DEF CON.  He chairs the Black Hat conference, sits on the DHS Security Advisory Council, and is the chief security officer for ICANN, so he is pretty hardcore.  Black Hat, owned by UBM, costs thousands to attend and is supposedly more corporate, while DEF CON costs only $180, has cooler badges, and is more, uh, cultural.  This was my second year attending BH/DC, but next year I might skip Black Hat and try out the even more underground security conference, BSides.

Of course, I am no hacker; I am just a sysadmin, but I like to see what hijinks the hackers are up to these days.  Whether we are talking about the builders or the breakers,  hackers are having more and more impact.  Software is eating the world after all.  Look at China siphoning off intellectual property from US companies.  Look at the way hacking has branched out into organized crime.  If Snowden is to be believed, NSA analysts can hack anyone at will.   It’s also sobering to consider the impact that hacking will have on implantable medical devices.¹  If I have learned anything from my interest in computer security, it is that many, if not most, of the electronic systems we rely on today were not designed with security in mind.  (I’m looking at you IP spoofing.)  This is true of internet protocols, industrial control systems, and yes, medical devices as well.

I am a computer consultant, so I do attend these things in that capacity as well, but I won’t bore everyone with how depressing it is to see my poor Windows systems continuing to get pwned by pass-the-hash and other exploits.  STILL!  After all these years.  Ugh!

One of the first talks that I attended was by Matthew Cole, who talked about a case in which the Italians convicted a bunch of CIA agents for kidnapping a Muslim cleric (aka extraordinary rendition) in Italy.  I had never heard of this case or of Cole, but this event from a couple of years ago is relevant today because, ironically, the Italians also used cell phone metadata² to piece together their case against the CIA.  Cell phone metadata is the stuff that the NSA is gathering on each and every one of us Americans right now.  Also, Hezbollah supposedly used metadata analysis to arrest some CIA operatives back in 2011.  So Cole is calling out the CIA for sloppy tradecraft (spying) and failure to learn from past mistakes.  But it’s interesting to see some specific examples of how this supposedly innocuous metadata can be used against Americans.  This whole Third Party Doctrine thing needs to get reigned in.

I noticed that several of the presentations at Black Hat and DEF CON this year focused on machine learning algorithms.  One interesting project called CrowdSource was even funded by DARPA.  Their goal was to apply machine learning to the problem of malware analysis.  As any coder knows, Stack Overflow is one of the most useful forums for finding answers, and the creators of CrowdSource reasoned that malware authors are no different.  So they downloaded Stack Overflow, yes, the entire site, and used it to create semantic mappings between function calls and their natural language descriptions.  They then applied some machine learning math to help them predict just what their decompiled malware was trying to do.  I love this approach.  As the authors point out, it will stay up-to-date as long as Stack Overflow stays relevant, and they can even link back to the relevant Stack Overflow pages to show how conclusions were reached.  Clever.

Another example of machine learning being applied in the computer security domain was presented by Brazilian security expert Alexandre Pinto.  One problem that many companies face in computer security is realizing when they have been hacked.  Gone are the days of flashy hacker vandals making their exploits known to the world.  Malicious actors these days strive for stealth, and it is remarkably difficult to separate their footprints from the riotous chaos that constitutes “normal” network behavior.  Alex Pinto started out by lamenting that these SIEM systems that corporations use to log activity on their networks are incredibly difficult to configure and are remarkably ineffective.³

So Pinto went on sabbatical and started brushing up on machine learning.  He figured that the only way to address this big data problem was to enlist the help of robots.  He whipped up a neat little proof of concept example using a support vector machine to cluster IP addresses in his firewall logs.  This is sort of a trivial example, since IP blacklists are widely available and frontal attacks on firewalls don’t pose as much of a threat as the users with their browsers.  Nonetheless, the technique Pinto demonstrated could be adapted to cluster all manner of logged events on a network.  If he threw in some  heuristics (rules of thumb) such as the  “kill chain” event grouping suggested by John “Four” Flynn at Black Hat last year, it would add some codified human intelligence into the machine learning process and contribute to stronger computer security.

This is interesting because we are starting to see rudimentary AI being publicly discussed in the realm of computer security.  I assume of course that the NSA has had plenty of computer science PhDs working on more advanced AI based computer attacks and defenses for some time.  Yep, attacks.  Where the story gets more interesting is with this presentation at DEF CON by Soen Vanned:

Evolving Exploits Through Genetic Algorithms
SOEN HACKER FOR TEAM VANNED

This talk will discuss the next logical step from dumb fuzzing to breeding exploits via machine learning and evolution. Using genetic algorithms, this talk will take simple SQL exploits and breed them into precision tactical weapons. Stop looking at SQL error messages and carefully crafting injections, let genetic algorithms take over, and create lethal exploits to PWN sites for you!

Genetic algorithms basically try to mimic evolution by interbreeding and mutating potential solutions to evolve the fittest specimens.  In Soen’s case, of course, the “solutions” were SQL injection attack strings used to compromise web applications.⁴

So we have machine learning on the defense side trying to identify and analyze attacks, and we have it on the offense side trying to evolve exploits to bypass signature based filters.  This is starting to look like high frequency trading.  Have we had duelling AI’s going at each other behind the scenes between nation states for years already?  Maybe Peter Rothman is right and the Singularity already happened.

With the recent Snowden revelations, there was much talk about privacy.  Hackers are way ahead of the curve in these matters.  NSA whisteblower William Binney revealed details about NSA spying programs targeting Americans last year at DEF CON 2012.  This year, DEF CON featured a presentation by some folks from Montana who are working on privacy legislation at the state level.  Eric Fulton, a computer security specialist, worked with Montana state representative Daniel Zolnikov to prepare privacy bill HB 400 that ultimately died in a Montana state legislature committee.  But they are not giving up.  This bill was killed a few months prior to the Snowden revelations, so the public was less aware of privacy concerns at that time.  Fulton and Zolnikov plan to revise and break up HB 400 into smaller privacy bills that can be introduced in the future.

Here are the main points of HB 400:

(a) data subjects must be given notice when their personal information is being collected;
(b) personal information may be used only for the purpose stated and not for any other purposes;
(c) personal information may not be collected or disclosed without the data subject’s consent;
(d) personal information that is collected must be kept secure from any potential abuses;
(e) data subjects must be informed as to who is collecting personal information;
(f) data subjects must be allowed to access their personal information and make corrections to any inaccurate data;
(g) data subjects must have a method available to them to hold data collectors accountable for following the principles contained in this section.

These all seem fairly reasonable to me.  Maybe it’s a good idea to have states start enforcing privacy rights.

This question of privacy and who owns your personal data has been on my mind for some time.  Some guy promoting this Open-Source Everything idea gave a rambling, disjointed talk about hacking capitalism which was disappointingly bad.  He reiterated Lanier’s idea that people should own the data they create.  The problem is that most interesting data is created by interacting with services.  So you don’t in fact own your data, because the service providers control it on their servers.  But I would go farther and say you shouldn’t assert full ownership of this data as intellectual property, because it wouldn’t exist without the service you interacted with.  If phone services didn’t exist, phone call metadata wouldn’t exist.  So that’s a problem I hadn’t really thought through before.  Aside from the fact that it’s incredibly difficult to assert ownership of data in the first place, we can’t really claim exclusive ownership of so called “personal” data even in theory.  So we should go create something without using a service and assert ownership of that.

On the other hand, it would be nice to have something akin to privacy continue to exist in this world. Noah Schiffman and Skydog gave a talk called the Dark Arts of OSINT (OSINT = Open Source Intelligence), in which they showed how math can be applied to harvest publicly available data about anyone.  It is really amazing how much can currently be learned about you with only a couple of pieces of information.  SkyDog highlighted some of his favorite tools such as: Maltego, Search Diggity, and even Recorded Future⁵.  Schiffman then went on to lay out the math that can be used to do deep correlation between disconnected sets of information.  He cited the simple example of US Census data:

87% of the US population can be uniquely identified by gender, ZIP code, and full date of birth.

So that’s a tough attack to protect against.  Privacy really is dead.  The only solution that seemed even remotely plausible for maintaining anonymity was to spread misinformation about yourself to increase the noise to signal ratio and make it harder for malicious actors to build a profile of you.  I think Vinge talks about a service to provide this in Rainbow’s End.  Also, some guy at DEF CON told me about a service that is starting up to provide false information to various service providers on your behalf, but I think I lost his card.  I will look into that more.  If anyone knows about a service that does this, please post in comments.

Information systems are becoming more and more important in the real world every day.  Bits are taking control of atoms.  The people that can actually access and control these systems wield incredible power.  Some hackers do sell their work to oppressive governments and criminals.  However, hackers are inherently defiant and unpredictable.  I actually take consolation from this.  If a global information police state does emerge, we can trust that there will always be some hacker out there to throw a wrench in the works.  If for no other reason than the lulz.