Exercising Personal Privacy

In my post, “Is Privacy a Right?,” I tell developers that they really need to consider the right of the user to a certain amount of privacy. Books such as C# Design and Development will need to include sections on privacy as part of any update. In fact, privacy is a topic not covered to any extent in any development book on my shelf. The few mentions of privacy appear in older books I’ve written, along with a few moldy references to old books by other authors. If you really want to get a modern treatment of privacy as a question of what the individual requires, you need to look at a non-development book such as “Alone Together: Why We Expect More from Technology and Less from Each Other.” Unfortunately, this book discusses social ramifications—not the techniques a developer uses to ensure privacy. Of course, no matter what the developer does, the user can always thwart any effort to provide privacy, which is the topic of this post.

I find it amazing that people willingly give up their privacy for apparently little or no reason. I read John Dvorak’s post, “I’m Not Home Right Now. Please Come In.” with great interest this morning (after having read the news report that he discusses). The idea that a husband would be able to check up on his cheating wife through an iPhone application is amazing to me. The private detective industry should take note that they’ve been replaced by a phone. It won’t be long before someone comes up with an application to surreptitiously take pictures of the dupe who loads one or more of these applications on their cellphone.

After thinking about this issue for a long time, I’ve come to the conclusion that some people have watched one too many episodes of CSI (and shows of that ilk). There is a sense that someone is going to reach out and grab each of us, and that our cellphones are the only way anyone will find us again. It’s also human nature not to be left out. If people don’t know where we are, we might miss out on something that we think is important at the time, but turns out not to be much of an issue at all in hindsight. I’m sure that little Jerry can find his sock just fine without dad’s intervention over the telephone (a little self-sufficiency does everyone good). The announcement that Maggie has a new tooth can easily wait until mom gets home from the store.

There should be alarm bells going off in the minds of every person who currently owns a cellphone, OnStar, or any other tracking technology. Do you really want someone to follow absolutely every move you make in the interest of providing some uncertain sense of security? Privacy, once lost, is incredibly hard to regain. People should learn how to disconnect in comfort, keep their privacy intact, and discover the wonderful world of being alone every once in a while. I think you’ll find that you’re a lot less stressed once you get used to it. Consider Remembering to Rest as not just beneficial to yourself, but those around you.

Most of all, it’s time that people learn to demand privacy from their technology. Whoever created the new tracking application in the iPhone wasn’t thinking and people should disable it sooner rather than later. It’s not necessary for vendors to track your every move online. No one gains anything by knowing you’ve gone to the store to buy this week’s groceries. All of the applications that are tracking you are stealing your privacy and making you a target for all of the things you fear most. Don’t give criminals (or marketers) an edge. What is your privacy worth to you? Let me know at [email protected].

 

Windows XP and Advanced Command Line Utilities

Both Windows Command-Line Administration Instant Reference and Administering Windows Server 2008 Server Core contain a number of advanced commands, such as SetX, that don’t come with the operating system. A number of readers have written to ask about these commands and where they can get them. Fortunately, Microsoft makes it easy to get what you need by downloading and installing the Windows XP Service Pack 2 Support Tools.

The Support Tools site contains a list of the commands and utilities you get. Included in this list are two important MMC console configuration files (ADSIEdit.msc and SIDWalk.msc) that make management tasks considerably easier. There is an executable form of ADSIEdit, but Support Tools doesn’t include it and you can’t use ADSIEdit as a command line tool anyway. The SIDWalk utility comes in executable (.exe) form as well so that you can use it in batch files.

In order to install the Support Tools, you must provide 5 MB hard drive space. Of course, coming up with that small amount of space isn’t the problem it once was. You must also have Windows XP Service Pack 2 (or higher) installed.

 

Something that Microsoft doesn’t emphasize is that these tools don’t work with the 64-bit version of Windows XP. Unfortunately, I haven’t found a workaround for the problem. Utilities created for newer 64-bit versions of Windows, such as Windows 7, don’t appear to work with Windows XP. If someone has a solution to this problem, please let me know.

After you download Support Tools, you may have to add a new path to your Windows setup. You perform this task using the Environment Variables dialog box. Simply open the System Properties applet, select the Advanced tab, and click Environment Variables to access it. Make sure you add the path to your installation to the existing Path and don’t overwrite the existing path with the new information. (Highlight the Path entry in the System Variables list and click Edit to display the Edit System Variable dialog box.) In most cases, the Support Tools install to the %ProgramFiles%\Support Tools folder, which means you’d type ;%ProgramFiles%\Support Tools at the end of the existing Path environment variable.

I’ll provide updates to this post as needed. If you have any questions, please contact me at [email protected].

 

Exoskeletons Become Reality

It wasn’t very long ago (see Robotics in Your Future) that I wrote about the role of robotics in accessibility, especially with regard to the exoskeleton. At that time, universities and several vendors were experimenting with exoskeletons and showing how they could help people walk. The software solutions I provide in Accessibility for Everybody are still part of the answer, but more and more it appears that technology will provide more direct answers, which is the point of this post. Imagine my surprise when I opened the September 2011 National Geographic and found an article about eLEGS in it. You can get the flavor of the article in video form on the National Geographic site. Let’s just say that I’m incredibly excited about this turn of events. Imagine, people who had no hope of walking ever again are now doing it!

We’ve moved from experimental to actually distributing this technology—the clinical trials for this device have already begun. The exoskeleton does have limits for now. You need to be under 6 foot 4 inches tall and weigh less than 220 pounds. The candidate must also have good upper body strength. Even so, it’s a great start. As the technology evolves, you can expect to see people doing a lot more walking. Of course, no one who has special needs is running a marathon in this gear yet. However, I can’t even begin to imagine the emotion these people feel when they get up and walk for the first time. The application of this technology is wide ranging. Over 6 million people currently have some form of paralysis that this technology can help.

eLEGS is gesture-based. The way a person moves their arms and upper body determines how the device reacts. Training is required. The person still needs to know how to balance their body and must expend the effort to communicate effectively with the device. I imagine the requirements for using this device will decrease as time goes on. The gestures will become less complex and the strength requirements less arduous.

So, what’s next? Another technology I’ve been watching for a while now is the electronic eye. As far as I know, this device hasn’t entered clinical trials as of yet, but the scientists are working on it. (It has been tested in Germany and could be entering trials in the UK.) The concept is simple. A camera in a special set of glasses transmits visual information to a chip implanted in the person’s eyeball. The chip transmits the required signals to the person’s brain through the optical nerve.  However, the implementation must be terribly hard because our understanding of precisely how all of this works is still flawed.

Even so, look for people who couldn’t walk to walk again soon and those who couldn’t see to see again sometime in the future. There will eventually be technologies to help people hear completely as well. (I haven’t heard of any technology that restores the senses of smell, taste, or touch to those who lack it.) This is an exciting time to live. An aging population will have an increasing number of special needs. Rather than make the end of life a drudge, these devices promise to keep people active. Where do you think science will go next? Let me know at [email protected].

Understanding Line-, Token-, and String-Based Command Line Utilities

My books, Windows Command-Line Administration Instant Reference and Administering Windows Server 2008 Server Core, both contain batch file sections that answer basic needs, but sometimes you need more than basic information to perform a task. A reader asked me how to perform a task using the FindStr utility the other day based on my Regular Expressions with FindStr post. The problem is that FindStr is a line-based utility, and the reader was trying to obtain a token-based result. Using FindStr alone won’t solve the problem. Here is the original reader comment:

 

If I have lines like below in a file called Sum.txt :

Total001 abcdefg
Total002 hijklmn
Total099 opqrstuv

and I use a regular expression to get all the results like “findstr Total[000-099] Sum.txt” the result printed is :

Total001 abcdefg
Total002 hijklmn
Total099 opqrstuv

But I want it to print only the matches to the regular expression like

Total001
Total002
Total099

How can this be done?


And my response:

 

The FindStr utility is line oriented, which means you obtain an entire line as output, not individual tokens. In order to accomplish what you want to do, you need to create a For loop. Using a For loop would allow you to process the individual tokens in the line. The following command will do what I think you want to accomplish:

For /F "UseBackQ" %1 In (`FindStr Total[000-099] Sum.txt`) Do @Echo %1

There are two important things to notice here. First, you must provide the “UseBackQ” option or the command won’t work. The command itself must appear in back-quotes—not regular quotes. The back-quote normally appears above the Tab button and to the left of the 1 on a keyboard. It usually appears with the tilde (~) character.



Using For makes it possible to create a token-based output from the line-based FindStr output. The default For setting relies on the space and tab characters as delimiters, but you can use the Delims= option to change the default behavior. However, sometimes a token-based result isn’t enough. You may not want an entire word (or whatever element the delimiters define). In this case, you need a string-based output.

One of the undocumented features of the command line is to create substrings from variables. For example, let’s say you define the following variable:

 

Set MyVariable=Hello World


Now, you want to obtain just a piece of that variable to use somewhere in your batch file. To obtain the substring, you use the tilde (~) operator. This operator uses a 0-based offset. So, let’s say you issue the following command:

 

Echo %MyVariable:~3%


The output of this command is: lo World. The output begins with the fourth character, which is an l, and displays the remainder of the string. However, let’s say you don’t need the rest of the string. Well, in this case, you can add a second number to define the characters you do need. If you issue this command:

 

Echo %MyVariable:~3,6%


the output is: lo Wor. The output begins with the fourth character and proceeds to the ninth character. The output contains the six characters you requested. In short, it’s possible to perform some fancy string manipulation in batch files as long as you keep the sort of output you need in mind. Let me know how you use batch files to perform various sorts of string manipulation at [email protected].
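The three kinds of output discussed in this post, put together in one batch file. This is an added example, not code from the original post: the Sum.txt contents are constructed sample data in the reader's format, the temporary file location is an assumption, and the explicit three-digit pattern is an assumption about what the reader intended to match.

```batch
@Echo Off
Rem Added example. Sum.txt is constructed sample data in the reader's
Rem format, and the file location under TEMP is an assumption.
Rem Delayed expansion lets !Token! be read inside the For block after
Rem it has been set there; percent expansion happens too early for that.
SetLocal EnableDelayedExpansion
Set "Data=%TEMP%\Sum.txt"

(
    Echo Total001 abcdefg
    Echo Total002 hijklmn
    Echo Total099 opqrstuv
    Echo Subtotal7 not a match
) > "%Data%"

Rem Line-based: FindStr prints every whole line that matches.
Rem /B anchors the match at the start of the line, /R selects regex mode.
Echo --- Lines ---
FindStr /B /R "Total[0-9][0-9][0-9]" "%Data%"

Rem Token-based: For /F splits each matching line on spaces and tabs.
Rem Inside a batch file the loop variable needs two percent signs.
Echo --- Tokens ---
For /F "UseBackQ Tokens=1" %%A In (`FindStr /B /R "Total[0-9][0-9][0-9]" "%Data%"`) Do Echo %%A

Rem String-based: copy the token into a variable, then take a substring.
Rem Offset 5, length 3 skips the five letters of Total and keeps the digits.
Echo --- Strings ---
For /F "UseBackQ Tokens=1" %%A In (`FindStr /B /R "Total[0-9][0-9][0-9]" "%Data%"`) Do (
    Set "Token=%%A"
    Echo !Token:~5,3!
)

Del "%Data%"
EndLocal
```

The first section prints the three full lines, the second prints Total001, Total002 and Total099, and the third prints 001, 002 and 099.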

Interacting with the Task Scheduler Service

The Task Scheduler service has become an essential part of Windows. With that in mind, Microsoft has made a change in the way this service works. You can no longer stop it and the service automatically starts when you start Windows. The idea is to ensure that the service is available to meet Windows needs. The change quietly occurred during a Vista update and is automatically part of Windows 7. Consequently, when you try to interact with the service, you get an error message of [SC] OpenService FAILED 5: Access is denied. To see this for yourself, try typing SC Config Schedule Start= Demand and pressing Enter on an updated Vista or any Windows 7 system.

The reason I mention this particular issue is that on page 43 of Windows Command-Line Administration Instant Reference, you see instructions for interacting with the Task Scheduler service. You can still query the service and perform some other tasks with it, but you can’t stop it or configure the method used to start it. When you look at this service using the Services console of the Administrative Tools folder, you see that you can’t even change how the service starts as shown here (everything is grayed out).

TaskScheduler01

There are a number of other services that fall into this same category. You can’t stop, start, or reconfigure them. Here is a list of the most common services that you can’t control using the SC utility (you can still query all of them):

  • DCOM Server Process Launcher
  • Group Policy Client
  • Plug and Play
  • Remote Procedure Call (RPC)
  • RPC Endpoint Mapper

Microsoft hasn’t documented the reason why you can’t configure any of these services. However, the reason that Microsoft has made it impossible to change the Task Scheduler service is that Windows 7 uses it extensively. For example, a number of applications rely on the Task Scheduler:

  • System Restore
  • Reliability History
  • Windows Update
  • Other Program Updates

In addition, Windows 7 uses Task Scheduler to perform a number of checks. These checks affect system reliability and stability:

  • TCP/IP Conflicts
  • Disk Diagnosis
  • Network Information
  • System Sound Service
  • Power Controls
  • WinSAT

Even so, you may find that you need to stop the service for some reason. The common technique that you’ll find for overcoming this problem is to perform the task from the registry. Open RegEdit and locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule key. The Start value controls how the Task Scheduler starts. Double click this value and change the entry to 4 as shown here to disable the service, or 3 to set it to manual.

TaskScheduler02

Reboot the system. You still won’t be able to make any changes using the SC utility or the GUI, but the status of the service will change to either disabled or manual as you requested. When the service is in manual mode, you can start it manually. Change the Start value back to 2 to re-enable the service. The problem with changing these services is that you don’t know how the change will affect system stability. This is a change at your own risk scenario. Please let me know if you have any questions at [email protected].
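A read-only way to see whether the Start value described above has been changed, as an added example that is not part of the original post. It only queries the registry and changes nothing. The key names DcomLaunch, gpsvc, PlugPlay, RpcSs and RpcEptMapper are the registry names of the other services listed earlier and do not appear on the page; only the meanings of 2, 3 and 4 come from the post.

```batch
@Echo Off
Rem Added example: report the Start value for the Task Scheduler and the
Rem other protected services. Nothing is modified. The short key names
Rem other than Schedule are not taken from the original post.
SetLocal EnableDelayedExpansion
Set "Root=HKLM\SYSTEM\CurrentControlSet\services"

For %%S In (Schedule DcomLaunch gpsvc PlugPlay RpcSs RpcEptMapper) Do (
    Set "Raw="
    Rem Reg Query prints a line such as:  Start    REG_DWORD    0x2
    For /F "Tokens=3" %%V In ('Reg Query "%Root%\%%S" /V Start 2^>Nul ^| FindStr /I "REG_DWORD"') Do Set "Raw=%%V"

    If Not Defined Raw (
        Echo %%S: Start value not found
    ) Else (
        Rem Set /A understands the 0x prefix and converts it to decimal.
        Set /A Value=Raw
        Set "Mode=other"
        If !Value! EQU 2 Set "Mode=automatic"
        If !Value! EQU 3 Set "Mode=manual"
        If !Value! EQU 4 Set "Mode=disabled"
        Echo %%S: Start=!Value! [!Mode!]
    )
)
EndLocal
```

A Schedule entry that reports manual or disabled means the registry change described above has been made on that system.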

Is Privacy a Right?

One of the readers of C# Design and Development took me to task some time ago for not discussing the matter of security in my book. He has been the only reader to ever ask me about the issue of privacy, so I didn’t think too much about it at the time. When I wrote the book, I thought it far more important to discuss security: keeping the data, application, and user safe. In fact, the book makes security part of an application triad the developer must consider during the design process. My thinking at the time was that privacy is a matter settled by management as part of a policy that is often implemented outside the developer’s control. To a certain extent that perception is still valid, but I’ve since learned that the developer does bear some responsibility toward the user when it comes to privacy.

A recent ComputerWorld article has made me think yet again about the whole issue of privacy. In this case, OnStar is collecting absolutely every last bit of information they can about you, without your permission, and selling it to anyone with a few pennies to spend. (A later article says that OnStar is reversing course on this decision.) They do tell you about spying on you, but you’ll only find this information if you read through the legalese contained in the Terms & Conditions. However, there are some people who don’t think you have any right to privacy in the first place. Industry leaders that include Facebook chief Executive, Mark Zuckerberg, Google chief, Eric Schmidt, Sun Microsystems chief, Scott McNealy, and Oracle chief, Larry Ellison would prefer you not to have any privacy whatsoever. They’d simply love to dig into every aspect of your life. The use of newer technologies, such as super cookies, has also proven that companies have a strong desire to invade your privacy.

The design of supercookies and the obvious desire of some technology leaders to invade your online privacy and collect data on you has subsequently inspired many to find ways to hide their IP address. A lot of the time, we are so caught up in luxurious technology, such as iPhones or Macbooks, that we don’t even realize that these devices are collecting data on us and feeding it to all sorts of websites. It’s no surprise that people are now opting to look into VPNs and proxies to not only hide their IP and therefore protect their personal data, but to unblock websites on Mac and other devices.

So, the developer is faced with a number of questions when it comes to privacy, the most important of which is whether privacy is a right. According to the ComputerWorld article, the Senate has finally woken up and decided that perhaps privacy is a matter they really should consider, especially when it comes to brazen violations such as the one by OnStar. There is some validity to the belief that the Constitution and Bill of Rights offer at least some protection of privacy. Some laws, such as the Health Insurance Portability and Accountability Act (HIPAA), add additional rights. However, I imagine that we’ll experience years of delays, political wrangling, and legal interpretation before those rights are specifically spelled out in a way that developers (and others) can understand.

Assuming that a certain level of privacy is a right and that it’s legally protected, the developer still has a host of questions to answer. Here are some of the things you should think about as a developer when designing an application.

  • What is the company policy regarding privacy?
  • How does an application specifically guard or expose a user’s privacy?
  • When does a user’s right to privacy override the desire of management to invade it?
  • Which rights does a user forfeit as a member of an organization?
  • Is privacy configurable as an opt in or an opt out selection?
  • Precisely what information does the company collect?
  • Precisely what information does the company actually need to conduct business?


If the developer of the OnStar system had included a simple switch for turning the device off (disallowing any eavesdropping of any sort), the whole issue discussed in the ComputerWorld article would be moot. Unfortunately, no one thought to include such a switch, despite the fact that it would have been an obvious design addition. Of course, we don’t need to look specifically at OnStar as a bad example of privacy thwarted. Many applications today include a “call home” feature and won’t even work if you don’t have an Internet connection. In short, someone somewhere is spying on you constantly.

When you look for privacy-related design information for the developer online or in books, you find it mysteriously missing. The reader who called my book into question was right to do so. I hope that this small article has at least started you thinking about privacy and overcomes the omission in my book. Future posts will fill in some additional gaps, but I’d like to hear your perspective on the issue of privacy first. What questions do you have about privacy? How would you design an application that protects user privacy while meeting organizational needs for information? Let me know at [email protected].

 

Obtaining Command Line Help

Both Administering Windows Server 2008 Server Core and its more diminutive counterpart, Windows Command-Line Administration Instant Reference, are reference manuals that tell how to use the command line to perform specific tasks. The first book is more complete, in that it contains many uncommon commands and utilities. The second book is designed to provide more hands-on help by supplying a significant number of actual usage examples. In both cases, you get a significant amount of help about the commands. As long as you have one of these two books by your side, you’re in great shape for knowing how to use the commands at the command line. Unfortunately, the reality is that most of us don’t stuff a library full of books in our back pocket. Even with an e-Reader, such as the Kindle, you can’t be sure of having the device available every time you need it. So, how do you get at least some quick help when there aren’t any resources available?

The first thing to remember is that you can get at least some useful information for any command or utility by using the /? or -? command line switches (some commands and utilities are peculiar in that they require either the /? or the -? command line switch, while many will allow you to use either). For example, when you want to discover how to use the Dir command, you type Dir /? and press Enter. Here’s typical output when using the /? command line switch.

GettingHelp01

This help screen is also typical in showing what you get. Help normally includes a short description of the command, the command line syntax, and a short description of each of the command line switches. You may also see usage examples for more complex commands. In rare cases, the help screen will provide a URL for additional help.

Some commands and utilities are complex enough that they require several help screens. For example, if you type WMIC /? and press Enter, you’ll see a list of help topics, not help of the sort provided for the Dir command. Let’s say you want to know more about the CPU topic. So, now you type WMIC CPU /? and press Enter. The help looks a little more normal now, but still isn’t very complete because you need to choose a subcommand. Perhaps you want just a list of CPUs on a system, so you request information about the List subcommand by typing WMIC CPU List /? and pressing Enter. Wow, now you see a number of listing formats. This time you add a listing format by typing WMIC CPU List Brief /? and pressing Enter. It turns out that you can also discover information about command line switches used with the Brief format. The final level in this case is to type WMIC CPU List Brief /Translate /? and press Enter. The WMIC utility is unique in providing so many levels of help, but other complex commands and utilities, such as Net, do provide multilevel help.

No matter how many help screens you see, sometimes it isn’t enough to give you the help you need. That’s when you need to find your copy of my book to get additional information. Of course, a single book can do only so much—some complex commands and utilities may require still more information. Technet is a good place to start. For example, you can find an excellent article on WMIC at http://technet.microsoft.com/library/bb742610.aspx. Knowledge base articles also provide useful information, especially when it comes to issues that Microsoft has solved for a given command or utility. For example, the Knowledge Base contains an article entitled, “How to find computer serial number” that relies on WMIC. Finally, make sure you look at third party articles, such as the one entitled, “WMIC: the best command line tool you’ve never used.”

Many people complain about not being able to remember all of the commands and utilities, and this is a problem. After you use a command or utility often enough, you tend to remember it, but the memorization process can take time. Unfortunately, there isn’t any single quick method of finding every command or utility on a system. However, you should start by typing Help | More and pressing Enter. (Using the More command lets you see the information that a utility has to provide one screen at a time, rather than seeing the information scroll right past.) You’ll get a list of common commands like this one.

GettingHelp02

Not all of the commands appear on this list and none of the utilities do. Another way to obtain the information you need is to type Dir *.COM and press Enter in the \Windows\system32 directory. (You can type CD \Windows\System32 and press Enter to get to the appropriate directory.) Every directory entry you see is very likely a utility. However, many utilities are in .EXE form, so you also need to type Dir *.EXE | More and press Enter. You can eliminate files that contain more than eight letters in the filename from the list in most cases because command line utilities usually rely on the old 8.3 naming convention. Check filenames that look like they could be what you want by typing Filename /? and pressing Enter (where Filename is the name of the file you want to test). Useful command line utilities will generally display a help screen.

Now that you have a better idea of how to get command line help when you need it and where to obtain a list of useful commands and utilities, you should take some time to try it out for yourself. What techniques do you use to obtain the additional information you need at the command line? Let me know at [email protected].

 

CFLs for Free

If you haven’t heard about the Compact Fluorescent Light (CFL) by now, then you haven’t been paying much attention. They’re talked about on billboards, the television, radio, magazines, and in stores. In fact, it seems as if you can’t escape the CFL. Yet, many people are still buying the old incandescent bulbs created many years ago by Edison. Yes, incandescent bulbs were a marvel at the time, but today they’re costing you money.

A CFL is basically a fluorescent tube light put into a compact form. They consume considerably less energy than incandescent bulbs and last longer too. When I talk to people about CFLs, the biggest complaint I hear is that they cost so much money to buy. (The second biggest is that CFLs output harsh light or that the bulbs have a short life expectancy, neither of which is true any longer.) Of course, the expense is a legitimate complaint—one that I plan to address in this post.

Rebecca and I have switched our entire house to CFLs. When we first moved into our home, our average monthly bill was over $120.00 a month. Today, due to a number of energy saving techniques, we often get by for $50.00 a month despite a lot of price increases over the years. CFLs are a big part of that savings.

There are some tricks you can use to make the changeover a lot more palatable. Start by investing in high quality CFLs. Avoid the cheap Chinese knockoffs; get a good bulb from GE or Sylvania, even though the initial cost is higher. Track the amount the bulb saves you each month. You can do that quite simply by checking your bill for a reduction or you can do things more scientifically. Keep a log of how long you use the bulb each day for a month (this represents the hours you use the bulb), then use this equation:

Savings = ((Bulb Watts / 1000) * Hours) * KWH Rate


Let’s say that you replace a 100 watt bulb with a CFL equivalent and you use the bulb for 4 hours each evening for a 30 day month. Your KWH rate (available from your electric bill) is $0.12. The new bulb takes only 26 watts. The original cost of using that bulb is:

((100 / 1000) * 120) * 0.12 or $1.44 per month


The cost of the new bulb is:

((26 / 1000) * 120) * 0.12 or $0.37 per month


Your savings are $1.07 per month from just that one bulb. OK, you can pocket that $1.07 and buy half a cup of coffee with it, or you can put it aside. In one year you’ll save enough money to buy a 12 pack of 100 watt CFL replacements for free (at least, you will if you shop smart). Now you can replace 12 incandescent bulbs and it won’t cost anything.

Here’s the payoff. Each of those replacements will also save on your electric bill. If you use each of those bulbs for the same amount of time each day, your savings increase to $13.91 each month, which means that you can buy the next package of CFLs in a month and end up with around $1.47 in change.

As you get new bulbs that haven’t cost you a penny because you would have spent that money on incandescent bulbs anyway, you can quickly replace all of those incandescent bulbs with CFLs that last longer, produce the same quality of light, and reduce your electric bill.

If you are interested in reducing your electric bill further, then you might want to consider using someone like the best electric companies in Texas, as sometimes changing providers can help reduce your electricity bill as well (although, the best thing that you can do is get things like new bulbs, to help you when it comes to energy savings).

Now you can move onto other things. Start with a programmable thermostat. You’ll find that it saves you money each month as well. If you use your CFL savings to buy the thermostat, it won’t cost you anything. You can extend this to weather stripping and all kinds of other energy saving additions, each of which provides a payoff—an incentive for using it.

It took us about 5 years to replace everything we could in our house that would readily provide a payoff and achieve that energy savings that I talked about earlier. Now, we’re pocketing that extra money. The cost savings will help keep our costs low (and in this economy, who can afford to turn away extra cash).

Eventually, we’ll look at other technologies to reduce our carbon footprint. There are many technologies now that we’ve looked at carefully that don’t actually put any money in your pocket. For example, we looked at windmill technology. By the time you pay for your own personal windmill, not to mention batteries, inverter, and other requirements, you’ll have to wait way too long for payback. Hopefully, this technology will improve with time. The same problem occurs with solar power and some other promising technologies: they have no payoff right now (they don’t put money in your pocket).

The next technology that does look promising is solar heated hot water. Right now you still have to replace the system before you get a payoff (the longest lasting setup I could find is about five years, not long enough for payoff), but I think this is going to change in the near future. As the reliability of these systems improves and more people use them, the cost will come down and there will be a payoff for those of us who have to be concerned about payoff.

There are also some changes we’ll make simply because we have to, even if there isn’t a payoff. For example, we’re going to have to replace our windows at some point. The old wooden windows are literally rotting in place. When we do make a replacement, we’ll look into buying a higher quality window that will at least partially pay back its installation cost in reduced energy costs. What I’ll try to do is balance the expected energy savings against the additional cost to find that magic point where I get a payback of a sort (the windows won’t ever pay for themselves, but the energy savings will ultimately make the windows less expensive than if I had bought cheaper windows).

Do you often find that the people selling energy saving devices miss the point? I find that the brochures stop short of telling people what the payoff is and how to obtain the devices without spending anything. There is usually some message about doing the planet some good and saving it for our children. These are certainly laudable goals, but the question that concerns me most is, “What’s in it for me?” In our case, it has turned out to be about $70.00 per month, well worth the effort involved. Let me know your thoughts on using energy saving devices at [email protected].

An Update On Special Needs Device Hacking

I previously posted an entry entitled Security and the Special Needs Person where I described current hacking attempts against special needs devices by security researchers. In that post, I opined that there was probably some better use of the researchers’ time. Rather than give hackers new and wonderful ways to attack the human race, why not find ways to develop secure software that would discourage attempts in the first place? Unfortunately, it seems as if the security researchers are simply determined to keep chewing on this topic until someone gets hurt or killed. I never even considered this topic in my book, “Accessibility for Everybody: Understanding the Section 508 Accessibility Requirements” because it wasn’t an issue at the time of publication, but it certainly is now.

Now there is a ComputerWorld article that talks about wearable devices used to jam the signals of hackers trying to attack those with special needs devices. What do we do next—encase people in a Faraday cage so no one can bother them? I did find the paper referenced in the article, “They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices” interesting, but must ask why such measures are even necessary. If security researchers would wait until someone actually thinks of an attack before they came up with a remedy, perhaps no one would come up with the attack.

The basis of the shielding technology mentioned in the ComputerWorld article is naive. Supposedly, the shield lets the doctor gain access to the medical device without allowing the hacker access. Unfortunately, if the doctor has access, so does the hacker. Someone will find a way to overcome this security measure, probably a security researcher, and another shield will have to be created that deflects the new attack. The point is that if they want the devices to be truly safe, then they shouldn’t send out a radio signal at all.

The government is involved now too. Reps. Anna G. Eshoo (D-CA) and Edward J. Markey (D-MA), senior members on the House Energy and Commerce Committee, have decided to task the Government Accountability Office (GAO) with contacting the Federal Communications Commission (FCC) about rules regarding the safety and security of implantable medical devices. I can only hope that the outcome will be laws that make it illegal to even perform research on these devices, but more likely, the efforts will result in yet more bureaucracy and red tape.

There are a number of issues that concern me about the whole idea of people wearing radio transmitters and receivers full time. For one thing, there doesn’t seem to be any research on the long term effects of wearing such devices. (I did find research papers such as, “In-Body RF Communications and the Future of Healthcare” that describe the hardware requirements for transmission, but research on what RF will do to the human body when used in this way seems sadly lacking.) These devices could cause cancer or other diseases. Fortunately, the World Health Organization (WHO) does seem to be involved in a little research on the topic and you can read about it in their article entitled, “What are electromagnetic fields?”.

In addition, now that the person has to wear a jammer to protect the implantable medical device, there is a significant chance of creating interference. Is there a chance that the wearer could create unfortunate situations where the device intended to protect them actually causes harm? The papers I’ve read don’t appear to address this issue. However, given my personal experiences with electromagnetic interference (EMI), it seems quite likely that the combination of implantable medical device and jammer will almost certainly cause problems.

In summary, we have implanted medical devices that use radio signals to make it more convenient for the doctor to monitor the patient and possibly improve the patient’s health as a result. So far, so good. However, the decision to provide this feature seems shortsighted when you consider that security researchers just couldn’t leave well enough alone and had to find a way for hackers to exploit the devices. Then, there doesn’t seem to be any research on the long term negative effects of these devices on the patient or on the jammer that now seems necessary to protect the patient’s health. Is the potential for a positive outcome really worth all of the negatives? Let me know at [email protected].

Security and the Special Needs Person

I’ve written quite a bit about special needs requirements. In my view, everyone who lives long enough will have a special need sometime in their life. In fact, unless you’re incredibly lucky, you probably have some special need right now. It may not be a significant special need (even eyeglasses are a special need), but even small special needs often require another person’s help to fix.

Accessibility, the study of ways to accommodate special needs, is something that should interest everyone, especially anyone who has technical skills required to make better accessibility aids a reality. It was therefore with great sadness that I read an eWeek article this weekend describing how one researcher used his talents to discover whether it was possible to kill someone by hacking into the device they require to live. Why would someone waste their time and effort doing such a terrible thing? I shook my head in disbelief.

There is a certain truth to the idea that the devices we use to maintain health today, such as insulin pumps, are lacking in security. After all, they are very much like any other Supervisory Control And Data Acquisition (SCADA) device, such as a car, from a software perspective and people are constantly trying to find ways to break into cars. However, cars are not people; cars are easily replaced devices used for transport. If someone breaks into my car and steals it, I’m sad about it to be sure, but I’m still alive to report the crime to the police. If someone hacks into my pacemaker and causes it to malfunction, I’m just as dead as if they had shot me. In fact, shooting me would probably be far less cruel.

I know that there is a place for security professionals in the software industry, but I’ve become increasingly concerned that they’re focused too much on breaking things and not enough on making them work properly. If these professionals spent their time making software more secure in the first place and giving the bad guys fewer ideas of interesting things to try, then perhaps the software industry wouldn’t be rife with security problems now. Unfortunately, it’s always easier to destroy than to create. Certainly, this sort of negative research gives the security professionals something to talk about even though it potentially destroys someone’s life in the process.

I’d like to say that this kind of behavior will diminish in the future, but history says otherwise. Unless laws are put in place to make such research illegal, well meaning security professionals will continue dabbling in matters that would be best left alone until someone dies (and even then the legal system will be slow in reacting to a significant problem). I doubt very much that time spent hacking into special needs devices to see just how much damage one can do helps anyone. What is your thought on the matter? Does this sort of research benefit anyone? Let me know what you think at [email protected].