Thursday, June 22, 2006

Social Engineering: Older vs. Newer

Before having my posts blocked @ wittgenstein-dialognet (I've kept my membership), I was starting to get into how hackers see legal code, in contrast to the stuff lawyers write, which does not self execute on computing machinery.

Legal code is what businesses use to make those check boxes show up in your web browser. Or if you're a visitor to some geek ecovillage, it might be a question about whether you're vegetarian, vegan or whatever.

Illegal code is what crashes the computer, or makes it throw exceptions in some uncontrolled way, assuming this is the fault of the programmers. We guard against it. We train our compilers to barf on it.

So when legislators get together in some big room, with quaint desks, and probably laptops, are their imaginations wrapping around the rule-based interfacing and back end database tables needed to implement their fancy new public policies? No way. Most of them went to law school and don't know how to write any SQL, Python or anything like that. They don't write any code at all, in the sense that we hackers conceive of this art.

I don't chronicle this to be critical, and maybe in your era (when you're reading this), this is no longer true. I merely want to highlight a name collision: legal.code and geek.code (or shall we say it.code, as in "information technology"?). In the geek world, if it doesn't self-execute, it probably isn't legal.

In legalese (an older kind of science fiction, in which pseudo-humans trumped humans when it came to power and responsibility -- a sort of War of the Worlds thing), we have an "executive branch" that handles execution (police and so on), and exceptions are called "crimes" (no matter how buggy the code -- the state's laws don't get much compile time or runtime checking, or would that be the job of the courts?).

Anyway, however it worked (I don't claim to be an expert), it worked very, very slowly. Sometimes significant motion was imperceptible, for years at a time. The record filled with speeches (see video archive), resolutions, senses of the Senate and so on, often with no real "bills" attached (a synonym for "bundle of laws" in early 21st Century DC-speak). And when bills did get "passed into law" they often came with no mechanisms for enforcement, nothing for a computer to chew on.

Obviously, as a geek, I'm more interested in snappy performance, and so expect multi-threaded applications, intelligent prioritization, everything we've come to expect from a secure, well-designed GNU operating system.

USA OS is my idealized legal-code-based USA operating system, the stuff of geek science fiction (a newer kind, that takes a lot of stress off those poor police, who have no idea how to "enforce" half the laws a creaky old U.S.A. Congress sees fit to pass, so often as a way of obliging the few people who put them in office (remember about those pseudo-humans (aka "corporations") having more official legal control? (anyway, it was complicated and I don't think anyone really understood it, not even the ones making out like bandits))).

A sad spectacle in my time: an education system that shared quasi-zero geek culture, just Hollywood versions of same, and therefore lots of public debate completely controlled by obsolete namespaces with a proven track record of not doing a good job.

Legislators couldn't read, let alone write, source code, not even freely accessible source code, because they had never needed this skill to become our chief social engineers, both at the state and federal levels.

How could things have been this crazy? Just read the history. Computers were still new back then. Senators such as Robert C. Byrd, Ted Kennedy, Orrin Hatch and Arlen Specter predated the invention of TCP/IP itself. So their notion of "legal code" was understandably antediluvian by the standards of today's more computer literate cultures.

Case in point: a big scandal in the news was the theft of millions of veterans' records when a laptop computer belonging to a VA employee was stolen during a burglary. This was one such dramatic story among many. Fraud and incompetence were rampant, and opportunities for identity abuse were on the rise across the board. Scam artists were having a field day.

Various legislators, executives, and judges made noises about fixing the problem, but few seemed to have a clue about what design sciences might be involved. As any hacker could tell you, if you wanted to address identity theft coherently, you'd need to think about consolidating personal information on secure identity servers. Let potential clients or gatekeeping authorities check your credentials, but also keep a record of who has checked and for what information.
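The identity-server idea in the paragraph above, sketched as an added example (not code from the original post): a central store that releases only the fields the owner has granted to a requester and records every check, granted or refused. The class and method names, the per-requester grant model and the hash-chained log are assumptions introduced for illustration.

```python
import hashlib, json, time

class IdentityServer:
    """Holds personal records centrally and logs every credential check."""

    def __init__(self):
        self.records = {}   # subject -> {field: value}
        self.grants = {}    # subject -> {requester: set of fields allowed}
        self.log = []       # append-only, hash-chained audit entries (assumed design)

    def enroll(self, subject, attributes):
        self.records[subject] = dict(attributes)
        self.grants[subject] = {}

    def grant(self, subject, requester, fields):
        self.grants[subject][requester] = set(fields)

    def check(self, requester, subject, fields, purpose):
        """Disclose only granted fields; record the request either way."""
        allowed = self.grants.get(subject, {}).get(requester, set())
        disclosed = sorted(set(fields) & allowed)
        denied = sorted(set(fields) - allowed)
        self._append({"who": requester, "subject": subject, "purpose": purpose,
                      "disclosed": disclosed, "denied": denied, "at": time.time()})
        record = self.records.get(subject, {})
        return {f: record[f] for f in disclosed if f in record}

    def _append(self, entry):
        # Each entry commits to the previous one, so edits to history are detectable.
        entry["prev"] = self.log[-1]["hash"] if self.log else "0" * 64
        entry["hash"] = self._digest(entry)
        self.log.append(entry)

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def who_checked(self, subject):
        """What the record's owner sees: who asked, why, and what was released."""
        return [(e["who"], e["purpose"], e["disclosed"], e["denied"])
                for e in self.log if e["subject"] == subject]

    def log_intact(self):
        prev = "0" * 64
        for e in self.log:
            if e["prev"] != prev or e["hash"] != self._digest(e):
                return False
            prev = e["hash"]
        return True
```

Refused requests are logged too, so the owner's `who_checked` view shows attempted lookups as well as successful ones.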

Have your cyber identity serve you, not you your identity -- especially if it's a stolen one (a crime the legalese speakers seemed unable to address coherently, except by making more speeches and writing more illegal -- as in non-executable -- code).

Monitor your online identity, shape it.

It's your record.