Archive for September, 2009

Searching the Loch Ness of Newfoundland

Does “Cressie” swim the waters of Crescent Lake in Newfoundland? Sightings of this giant creature have been reported for years, much like the Loch Ness monster, but no evidence has been found. In this article from Skeptical Inquirer, Joe Nickell goes in search of the elusive creature.

Quest for the Giant Eel

Sightings of a “monster” in the lake date back to the turn of the last century when a resident known as “Grandmother Anthony” spied a giant serpentine creature while she was picking berries. From the 1940s to the present, there have been a dozen or so sightings, although without photographs to date. Most descriptions are of a dark, eel-like creature, up to twenty-five or more feet long.

Michael Geist on the misleading case being made for new lawful access laws

Lawful access refers to the requirement by telecommunication providers, including ISPs, to allow law enforcement agencies to track and monitor communications (e.g., wire tapping). Canada has been considering changes to its lawful access laws for some time and the latest attempt is a new set of legislation currently being debated. The new rules would require the release of customer information (name, telephone, IP address) without court oversight (i.e., without a warrant). In this article Michael Geist digs into the case being held up as an example of the need for new legislation and finds that no ISP records were even requested, and yet an arrest was made using the current laws. Interesting reading…

Van Loan’s Misleading Claims: Case for Lawful Access Not Closed

Last June, current Public Safety Minister Peter Van Loan tabled the latest lawful access legislative package. Much like its predecessors, the bill establishes new surveillance requirements for Internet service providers. In an about-face from the Day commitment however, it also features mandatory disclosure of customer information, including name, address, IP address, and email address upon request and without court oversight.

Ethics in computer security research

As part of the Financial Cryptography and Data Security Conference to be held in January 2010 in Tenerife, there will be a workshop on ethics in computer security research. This is an important topic since conducting ecologically valid research is often at odds with adhering to ethical principles. In particular, security research can sometimes involve having people take risks, with their systems and personal information, and/or involve the use of deception, where people may not be informed of the true purpose of a study. This should be an interesting workshop.

WECSR 2010 CFP

Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts.

Trust marks increase ecommerce conversion rates

I was interviewed for an article on the InfoExecutive web site about the effect of trust marks on ecommerce transactions. The article is commenting on a recent study by McAfee reporting a 10% increase in completed transactions when their trust mark appeared on an ecommerce web site. It is an interesting study because they used an A/B design where half the visitors saw a site with the trust mark while half did not. The interesting question is whether a 10% increase in completion rates is a good finding or a weak one. Also, would any old trust mark have had the same effect, even one the website made up?

Consumers look for e-commerce ‘trustmarks’ – McAfee

Digital window shoppers wandering through cyberspace may be click-happy, but turning browsers into buyers is just as difficult on the World Wide Web as it is in the bricks and mortar marketplace. And sometimes, the determining factor in making the sale is a simple security cue, according to a recent study by McAfee Inc.

The report looked at the behaviour of 163 million online shoppers and found that when a security cue like McAfee’s SECURE trustmark was shown to online consumers, sales conversions were 10.85 per cent higher in that group compared to those who were not exposed.

How easily eyewitness testimony can be influenced

Here is an article from Wired describing another study on how easy it is to influence eyewitness testimony. In an interesting experiment the researchers created fake video clips that showed cheating in a gambling game, and found that, after watching the clip, witnesses to the “cheating” were quite willing to accuse a cheater even when the cheating never really happened. Memories are not literal copies of past events; they are constructions that can be easily altered and manipulated.

Fake Video Can Convince Witnesses to Give False Testimony

Psychologists have long known that our memories of past events can be influenced by misleading information, but now they’ve proven that doctored video evidence can convince people to offer false eyewitness testimony. In a study of 60 college students performing a computerized gambling task, nearly half were willing to testify that they saw their partner cheat in real life after watching fabricated video evidence. Of students who were told that video evidence existed but didn’t watch the footage themselves, only 10 percent gave false testimony.

Canada going ahead with strip search scanners at airports

Sun Media has learned that Canada is installing backscatter x-ray machines at airports. These scanners, which use extremely high frequency millimeter waves, are able to see under clothes to reveal anything hidden within the clothes, including all body parts. The resulting scans are very revealing, with all the body parts visible.

There are a couple of noteworthy quotes from the article that suggest that the deployment has not been fully thought out:

“The scanner took much more time to process travellers than a regular pat-down or metal detector.” The machine was actually able to scan 10% of the target number of passengers per hour. I look forward to waiting in line for this one.

Concerning whether to include optional software to blur the genital regions, a CATSA spokesman said: “Once we purchase the technology, then we will see how we will use it and deploy it.” Would it not make more sense to figure this out before money is spent and the machines are used, especially since this is a fundamental privacy issue?

Apparently, a privacy impact report has been submitted to Canada’s Privacy Commissioner. It will be interesting to see what the response is.

Green light for scanners

The Canadian Air Transport Security Authority is charging ahead with plans to buy seven controversial virtual strip search scanners, but has decided against genital blurring software to go with them.

According to documents obtained by Sun Media under Access to Information, CATSA is recommending Transport Canada accept the scanner for use in Canada even though a seven-month trial at Kelowna International Airport showed the machine didn’t meet the security agency’s expectations.

Keeping broadband competitive in Canada

A site at competitivebroadband.com has opened today to spread the word about the current net neutrality crisis in Canada.

This crisis has started because of moves by Bell and Telus to throttle bandwidth and introduce usage-based billing. These incumbent telcos, long subsidized by Canadian tax payers, are attempting to reduce competition and increase prices for everyone, including customers of alternative Internet providers.

Please have a look at the site, read the background material, and send in your letter to your politicians asking for a review of the recent CRTC decisions.

Warning – Keep Broadband Competitive in Canada

Unless you make your voice heard, a CRTC decision sets the stage for rapid increases in prices for your telecommunications and broadband services. You can reverse this decision, and making your voice heard takes only 30 seconds.

Concerns about Canadian lawful access bills

Here is an article from The Globe and Mail on Canada’s new lawful access bills. The federal and provincial privacy commissioners are raising concerns about the privacy impacts of the proposed legislation, which would require service providers to install surveillance equipment and allow police unprecedented powers to gather information.

These proposed laws should be getting more attention in Canada before it is too late.

Planned Internet, wireless surveillance laws worry watchdogs

Canada’s federal and provincial privacy watchdogs are expressing concern about two proposed laws that would give authorities much greater surveillance powers over Internet and wireless communications.

In June, the Conservative government introduced two bills – the Investigative Powers for the 21st Century Act and the Technical Assistance for Law Enforcement in the 21st Century Act – that would give police sweeping new powers to collect information about Canadian Internet users without a warrant, and activate tracking devices in their cellphones and cars, among other things.

“Canadians put a high value on the privacy, confidentiality and security of their personal communications and our courts have also accorded a high expectation of privacy to such communications,” Ms. Stoddart said in a statement Thursday.

Memories for things forgotten

Here is an article from Wired about using brain scanning techniques to show that things that people can’t recall may still be stored in the brain. In this study the researchers from UC Irvine had students try to remember a list of words and found that, for those words the students could not remember, the brain activity was the same as those words they could remember. This indicates that the memories are there, just not accessible.

Back in graduate school I did similar research, without the brain scanning. We also gave people things to remember and then probed them for partial information when they could not recall during a test. A classic phenomenon is a “feeling of knowing” in which a person will state that they know the information being asked, and might even be able to tell you a bit about it (e.g., “the word begins with b”), but they just can’t remember it now. We also used different kinds of memory tests, such as word-completion tasks, to show that partial memories were intact when there appeared to be forgetting.

Lupker, S.J., Harbluk, J.L., & Patrick, A.S. (1991). Memory for things forgotten. Journal of Experimental Psychology: Learning, Memory, & Cognition, 17, 897-907.

Forgotten Memories Are Still in Your Brain

For anyone who’s ever forgotten something or someone they wish they could remember, a bit of solace: Though the memory is hidden from your conscious mind, it might not be gone.

In a study of college students, brain imaging detected patterns of activation that corresponded to memories the students thought they’d lost.

Do EV SSL certificates really increase online sales?


Here is an article from NetworkWorld claiming that an online travel agency in Australia has improved their sales completion rate by deploying Extended Validation (EV) certificates. Our research, on the other hand, shows that users typically do not even look at the area of the browser where certificate information is shown (we used an eye tracker), and have a great deal of difficulty understanding the information if they do look. We also find that the introduction of EV certificates makes the usability worse and security decisions harder. This seems like a thinly veiled advertisement for VeriSign’s products. Buyer beware.

Online travel takes off with EV SSL security

“Since implementing VeriSign’s EV SSL Certificates, our online sales have really taken off. We have experienced greater conversion rates, a reduced rate of booking abandonment and a noticeable drop in customer concerns relating to security issues,” Lynch said.